not_IO@lemmy.blahaj.zone to Programming Humor@lemmy.world, English · 2 days ago
npm (image post, 15 comments)
kopasz7@sh.itjust.works · 2 days ago
The problem isn’t the package manager. Many small dependency packages multiply the attack surface of the “supply chain”. (It isn’t even a supply chain when a dude open-sources his code as-is and then a company decides to build their whole business on it.)
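One way to put a number on the "many small packages multiply the attack surface" point is to walk a package-lock.json and count what two direct dependencies actually pull in, and which of those packages run an install script (code that executes on `npm install`). The script below is an added example, not from the thread or from npm itself; the lockfile is a constructed lockfileVersion 3 fragment with made-up package names, and the `hasInstallScript` and `dependencies` fields are the real lockfile fields npm writes.

```javascript
// Added example: count transitive dependencies and install-script packages
// from a package-lock.json (lockfileVersion 3). Not from the original post.

// Constructed lockfile fragment; package names are invented for illustration.
const lock = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "left-pad-ish": "^1.0.0", "colorful": "^2.0.0" } },
    "node_modules/left-pad-ish": { version: "1.0.0", dependencies: { "is-str": "^1.0.0" } },
    "node_modules/is-str": { version: "1.0.0" },
    "node_modules/colorful": {
      version: "2.0.0",
      dependencies: { "ansi-tiny": "^3.0.0", "is-str": "^2.0.0" },
    },
    // Nested copy: colorful needs a different is-str major, so npm installs a second one.
    "node_modules/colorful/node_modules/is-str": { version: "2.0.0" },
    // hasInstallScript: true means a preinstall/install/postinstall hook runs on npm install.
    "node_modules/ansi-tiny": {
      version: "3.0.0",
      hasInstallScript: true,
      dependencies: { "supports-term": "^1.0.0" },
    },
    "node_modules/supports-term": { version: "1.0.0" },
    // devDependency that nothing in the production tree reaches.
    "node_modules/unused-dev-tool": { version: "0.1.0", dev: true },
  },
};

// Resolve a dependency name the way node does: nearest nested node_modules
// first, then walk up toward the root node_modules.
function resolveDep(pkgs, fromKey, dep) {
  let base = fromKey;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${dep}` : `node_modules/${dep}`;
    if (pkgs[candidate]) return candidate;
    if (!base) return null; // not in the lockfile (e.g. missing optional dep)
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Walk from the root package and return the set of installed package entries
// reachable through production dependencies, plus those with install scripts.
function analyzeLock(lockfile) {
  const pkgs = lockfile.packages;
  const directNames = Object.keys((pkgs[""] || {}).dependencies || {});
  const seen = new Set();
  const stack = directNames.map((d) => resolveDep(pkgs, "", d)).filter(Boolean);
  while (stack.length) {
    const key = stack.pop();
    if (seen.has(key)) continue;
    seen.add(key);
    for (const dep of Object.keys(pkgs[key].dependencies || {})) {
      const next = resolveDep(pkgs, key, dep);
      if (next) stack.push(next);
    }
  }
  const installScripts = [...seen]
    .filter((k) => pkgs[k].hasInstallScript === true)
    .map((k) => k.slice(k.lastIndexOf("node_modules/") + "node_modules/".length))
    .sort();
  return { direct: directNames.length, transitive: seen.size, installScripts };
}

console.log(analyzeLock(lock));
// { direct: 2, transitive: 6, installScripts: [ 'ansi-tiny' ] }
```

Two direct dependencies become six installed packages here, one of which runs arbitrary code at install time. On a real project, replace the constructed object with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; the count of `hasInstallScript` packages is the short list worth auditing first, and `npm install --ignore-scripts` keeps those hooks from running until you have.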