Better HN
marcus_holmes · 6y ago · 0 points
Every time we include a dependency in an application, we give its maintainers commit privileges to production. Who do we trust?
2 comments · 2 top-level
0x0 · 6y ago
An open source SDK can at least be audited and locked to a particular version, with no hidden shenanigans.
microcolonel · 6y ago
That's only if you don't review the changes, and trace the entry points at least.
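The two comments describe one control: audit a release, pin the application to that exact release, and treat any change (a new version or a changed artifact under the same version) as something to review before it reaches production. The block below is an added example, not code from the thread or from any project its participants work on. It assumes a constructed lock entry (name, version, sha256 of the audited artifact) and constructed artifact bytes standing in for a downloaded package; the hash check is what makes a pin meaningful, since a version string alone is self-reported by whoever published the package.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class LockEntry:
    """One pinned dependency: the version that was audited and the
    sha256 hex digest of the exact artifact that audit covered."""
    name: str
    version: str
    sha256: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_dependency(entry: LockEntry, observed_version: str, artifact: bytes) -> List[str]:
    """Compare a resolved dependency against its lock entry.

    Returns a list of problems; an empty list means the artifact is
    byte-for-byte what was audited and nothing needs a fresh review.
    """
    problems = []
    if observed_version != entry.version:
        problems.append(
            f"{entry.name}: version drift, locked {entry.version} but resolved {observed_version}"
        )
    digest = sha256_hex(artifact)
    # constant-time comparison of hex digests (length-equal strings)
    if not hmac.compare_digest(digest, entry.sha256):
        problems.append(
            f"{entry.name}: artifact hash mismatch, locked {entry.sha256[:12]}... got {digest[:12]}..."
        )
    return problems


# Constructed sample data (hypothetical package, not a real one).
AUDITED_ARTIFACT = b"def greet():\n    return 'hello'\n"
LOCK = LockEntry(name="examplelib", version="1.2.3", sha256=sha256_hex(AUDITED_ARTIFACT))

# Same version string, different bytes: the case a version-only pin would miss.
CHANGED_ARTIFACT = AUDITED_ARTIFACT + b"# line not present in the audited release\n"


def check_all():
    """Run the three cases a practitioner cares about and return their results."""
    unchanged = verify_dependency(LOCK, "1.2.3", AUDITED_ARTIFACT)
    new_version = verify_dependency(LOCK, "1.2.4", AUDITED_ARTIFACT)
    same_version_new_bytes = verify_dependency(LOCK, "1.2.3", CHANGED_ARTIFACT)
    return unchanged, new_version, same_version_new_bytes


if __name__ == "__main__":
    for label, result in zip(
        ("unchanged", "new version", "same version, new bytes"), check_all()
    ):
        print(f"{label}: {'ok' if not result else result}")
```

In a real build this check runs against the lockfile committed with the application and the artifact the package manager actually fetched; a non-empty result is the signal that someone needs to read the diff before the change ships, which is the "review the changes" step rather than a reason to relax the pin.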