Julien Barnoin on Nostr: The whole situation around the #xz backdoor really demonstrates how fundamentally ...
The whole situation around the #xz backdoor really demonstrates how fundamentally broken most development practices are.
There should be two kinds of libraries we use:
- Ones whose authors we decide to trust based on their security practices and track record
- Ones for which we're willing to read and understand the code (and dependencies) each time we update it
Package managers like npm make it way too easy to import random code.
Of course, pretty much no one does this.
#programming
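As an added illustration of the two-category practice described in the post (not code from the post or its author), here is a small dependency-policy gate in Python. It treats a package as acceptable only if it is either on a "reviewed" list at exactly the version whose code was read, or comes from an author on a "trusted" list; anything else is rejected, and a reviewed package whose version changed is flagged for re-reading before the update is accepted. All package names, authors, versions and the policy itself are constructed sample data, and the `author` field is assumed to be whatever metadata the lockfile or registry records.

```python
"""Added example (not from the post): a tiny dependency-policy gate.

Two allowed categories, mirroring the post:
  - "trusted": authors we trust on track record; any version of a package
    attributed to them passes.
  - "reviewed": packages we only accept at a version whose code we have
    read; a different version in the lockfile fails until re-reviewed.
Anything not covered by the policy is rejected.
All package names, authors and versions below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LockedPackage:
    name: str
    version: str
    author: str  # as recorded in package metadata (assumed field)


# Constructed policy: one trusted author, two packages reviewed at a pinned version.
POLICY = {
    "trusted_authors": {"alice-maintainers"},
    "reviewed": {
        "leftpad": "1.3.0",
        "tarfile-utils": "0.9.2",
    },
}


def evaluate(pkg, policy):
    """Return (verdict, reason); verdict is one of 'ok', 'review', 'deny'.

    The reviewed list is checked first because it is the stricter rule:
    a reviewed package is accepted only at the exact version that was read.
    """
    reviewed = policy["reviewed"]
    if pkg.name in reviewed:
        if reviewed[pkg.name] == pkg.version:
            return "ok", f"{pkg.name}=={pkg.version} matches reviewed version"
        return ("review",
                f"{pkg.name} changed {reviewed[pkg.name]} -> {pkg.version}; "
                "re-read the code before accepting the update")
    if pkg.author in policy["trusted_authors"]:
        return "ok", f"{pkg.name} comes from trusted author {pkg.author}"
    return "deny", f"{pkg.name} is neither reviewed nor from a trusted author"


def check_lockfile(packages, policy):
    """Evaluate every locked package; returns {name: (verdict, reason)}."""
    return {p.name: evaluate(p, policy) for p in packages}


def gate_passes(results):
    """True only when every package is 'ok'; 'review' and 'deny' both block."""
    return all(verdict == "ok" for verdict, _ in results.values())


# Constructed lockfile contents covering all four outcomes.
SAMPLE_LOCK = [
    LockedPackage("leftpad", "1.3.0", "someone"),              # reviewed, same version
    LockedPackage("tarfile-utils", "1.0.0", "someone-else"),   # reviewed, version drifted
    LockedPackage("fastjson", "2.1.0", "alice-maintainers"),   # trusted author
    LockedPackage("colors-ng", "3.0.1", "unknown-dev"),        # neither
]

if __name__ == "__main__":
    results = check_lockfile(SAMPLE_LOCK, POLICY)
    for name, (verdict, reason) in results.items():
        print(f"{verdict:7} {reason}")
    raise SystemExit(0 if gate_passes(results) else 1)
```

Run as a pre-merge check, the script exits non-zero whenever a dependency is unreviewed, drifted, or from an unknown author, which is the point the post makes: an update to a "read the code" dependency should not go in silently. One caveat a practitioner would add: the `author` field here is only as trustworthy as the metadata it comes from, so a production gate should key the trusted category on a signing identity or maintainer account it can actually verify rather than a free-text name.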