Comment by dualvariable
2 hours ago
> Github has changed their policy in 2022.
Which means that in the age of supply chain attacks, they patched the holes.
Which is exactly why this policy that AUR has is terrible in 2026.
The fact that GitHub didn't have that policy back in 2015 isn't the counterexample that the argumentative crowd here seems to think it is.
That is the GH policy right NOW, in the year of our Dog, 2026.
AUR is pretty grossly behind the curve, and I'll certainly accept that GH was arguably slow about it.
Defending AUR's policy on the basis of GH's policy being shitty until relatively recently isn't a good argument.
No comments yet
Contribute on Hacker News ↗