Comment by arccy
2 days ago
where do you get all these trusted people to review your dependencies from?
it can't be anyone, because you're essentially delegating trust.
no way there's enough trustworthy volunteers (and how do you vet them all?)
and who's going to pay them if they're not volunteers?