not_IO@lemmy.blahaj.zone to Programming Humor@lemmy.worldEnglish · 2 months agonpmlemmy.blahaj.zoneimagemessage-square15linkfedilinkarrow-up1162arrow-down19file-text
arrow-up1153arrow-down1imagenpmlemmy.blahaj.zonenot_IO@lemmy.blahaj.zone to Programming Humor@lemmy.worldEnglish · 2 months agomessage-square15linkfedilinkfile-text
minus-squarekopasz7@sh.itjust.workslinkfedilinkEnglisharrow-up4·2 months agoThe problem isn’t the package manager. Many small dependency packages multuply the attack surface of the “supply chain”. (it isn’t even a supply chain when a dude opensources his code as-is then a company decides to build their whole business on it)
The problem isn’t the package manager. Many small dependency packages multuply the attack surface of the “supply chain”. (it isn’t even a supply chain when a dude opensources his code as-is then a company decides to build their whole business on it)