zlacker

2 comments
1. falcor+(OP) 2025-08-21 19:51:46
Trust is absolutely a thing. Maintaining an open source project is an unreasonably demanding and thankless job, and it would be even more so if you had to treat every single PR as if it's a high likelihood supply-chain attack.
replies(1): >>fnimic+h7
2. fnimic+h7 2025-08-21 20:31:35
>>falcor+(OP)
While true, we really should be treating every single piece of external code as though it's malicious.
replies(1): >>tsimio+km
3. tsimio+km 2025-08-21 22:01:52
>>fnimic+h7
No, we shouldn't. We live in a society, and that level of distrust is not just unrealistic; it's disastrous. This doesn't mean you should share your house keys with every drive-by PR contributor, but neither should you treat every PR as if it's coming from Jia Tan.