Looks like Python just had a left-pad like incident (opens in new tab)

(twitter.com)

7 pointsDiffProg3y ago4 comments

4 comments

Quoting: "I'd rather just write code for fun and only worry about supply chain security when I'm actually paid to do so"

A Python package in use enough to be flagged 'critical' could be earning a few hundred US dollars per month through Tidelift if the maintainers sign up. Which should more than compensate the 2FA overheads.

rurban3y ago

Does this really work? I assume only for popular JS, python or ruby packages, right?

stubish3y ago

I assume it needs to be popular, yes. I've assuming 'left-pad like' means popular, and may vastly overstating. I've been paid monthly for over a year now, but my package was top-20 by download count when that started.

ggm3y ago

Article says it was a mistake. Maybe post initial publication revision?

j / k navigate · click thread line to collapse

4 comments

stubish3y ago

Quoting: "I'd rather just write code for fun and only worry about supply chain security when I'm actually paid to do so"

rurban3y ago

Does this really work? I assume only for popular JS, python or ruby packages, right?

stubish3y ago

ggm3y ago

Article says it was a mistake. Maybe post initial publication revision?

j / k navigate · click thread line to collapse