• wkk@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    12 hours ago

    Python with PyPI, C# with Nuget, Docker with Dockerhub, Java with Maven Central, hell even just regular Linux packages from dodgy repositories…

    Supply chain attacks concern almost everything everyone everywhere.

    • mox@lemmy.sdf.orgOP
      link
      fedilink
      arrow-up
      3
      ·
      9 hours ago

      This is one of the more important reasons to minimize dependencies and be very picky about the ones we adopt.