fishpen0 | 3 months ago

Not really comparable at any compliance- or security-oriented business. You can't just zip the thing up and sftp it over to the server. All the zany supply chain security stuff needs to happen in CI and not be done by a human or we fail our dozens of audits.

goku12|3 months ago

While true, the mistake we made was to centralize them. Just imagine the case if git was a centralized software with millions of users connecting over a single domain? I don't care how much easier it would be, or how flashy it would be, I much prefer to struggle with the current incarnation rather than deal with headaches like these. Sadly, the progress towards decentralized alternatives for discussions, issue tracking, patch sharing and CI is rather slow (though they all do exist) due to the fact that no big investor invests in them.

__MatrixMan__|3 months ago

Why is it that we trust those zany processes more than each other again? Seems like a good place to inject vulnerabilities to me...

cyberax|3 months ago

Hi! My name is Jia Tan. Here's a nice binary that I compiled for you!

goku12|3 months ago

This isn't really a trust issue. People tend to take shortcuts and commit serious mistakes in the process. Humans are incredibly creative (no, LLMs are nowhere close). But for that, we need the freedom to make mistakes without serious consequences. Automation exists to take away the fatigue of trying to not commit mistakes.