item 46530349 (no title)

akuchling | 1 month ago

Stray thought: adding a library the PR submitter controls would be a good starting point for an XZ/SSH-style supply chain attack: badger & threaten the maintainers to add the dependency, and then sneak something into a future library update.

falloutx | 1 month ago

This seems like a huge red flag, there is no need to add any more dependencies to an already fully featured repo.