Comment by pipo234
2 hours ago
But presumably, you only include dependencies that you trust and those dependencies themselves do their trusting more strictly than you. Trust is built on vetting, signatures and reputation.
That is, at least what we do, in theory. In practice, we cross fingers and let the LLM pick dependencies, are satisfied if it just works and we either update our deps frequently or infrequently.
> Trust is built on vetting, signatures and reputation.
https://news.ycombinator.com/item?id=47017833
Well, now with an irony, but sadly, of course.
Would red hat be considered a trusted/reputable vendor?