bjconlan | 5 months ago

Perhaps if a supply chain attack is your largest concern, then using some well-vetted system like Wolfi is more up your alley. (See some of their related repos on GitHub https://github.com/projectbluefin - I've been following the development of it, and currently it is still under development.)

Again, "vetting" is a source of contention here, as I'm not sure how the quality of official RPM sources compares to those outlined in an SBOM.