
Even better, only use company-vetted repos; everyone is forbidden to install directly from Internet repos.

This naturally doesn't work outside corporations.



That usually ends up as proxies to the upstream repos, because the people managing the company repos don't have time to review every new version of a package.

At that point you're just as vulnerable to a supply chain attack.



