qudat on Oct 23, 2021 | on: NPM package ‘ua-parser-JS’ with more than 7M weekl...
But then aren’t you still trusting a third-party to properly audit their own code and ensure it doesn’t get compromised? Where’s the line?
totony on Oct 23, 2021
It's easier to trust 1 org than 1000 different developers.
gnu8 on Oct 23, 2021
I don't know where the line is, but I know users of e.g. Debian don't find trojans and cryptominers appearing on their systems after routine updates. They have thousands of obscure packages, but they don't let just anyone upload something.
Zababa on Oct 23, 2021
You have to trust someone at some point. I think that was part of the point of the "Reflections on Trusting Trust" lecture.