undefined | Better HN

0 pointspalata2y ago0 comments

That's the thing about trust: not everyone uses it the same. There are documented examples of malware being injected to millions of dependents through package managers, so we know that "hierarchical trust" does not work.

The big difference with a distro is that I choose to trust the distro maintainers, which is only a handful of people. Whereas with your hierarchical trust, you choose to trust many random people.

0 comments

1 comments · 1 top-level

rendaw2y ago

I know I remember there being a couple big events in the news, and I know the Javascript ecosystem is also a bigger target also because it's so popular, but do you have examples of these attacks?

j / k navigate · click thread line to collapse