Jacob Pratt on Nostr: What happened with #xz is precisely why I ceased support of serde versions that had ...
What happened with #xz is precisely why I ceased support of serde versions that had pre-compiled binaries included. It doesn't matter how trustworthy someone seems or how long they've been maintaining a project.
I caught flak from a number of people, including one person (in person, and respectfully!) saying that I was "policing the ecosystem". Which...yes, that's the point. Unknown, unverified binaries being executed is unacceptable and dangerous until proven safe, not the other way around.