Damus
ARGVMI~1.PIF · 8w
I don't care what your board of directors thinks. They aren't responsible here; you are. I don't care what some briefcase-wielding salesman says you can “optimize” or “pivot to”. He won't bea...
ARGVMI~1.PIF profile picture
And no, making programmers jump through hoops to publish their code isn't a solution either.

When I ended my brief stint maintaining an #npm package, they were cranking up the authentication requirements already. By now, they probably require a verification can and a stool sample every time you want to publish.

This has done ABSOLUTELY NOTHING to prevent supply chain attacks. Maintainers are still getting phished. Exhaustion has deprived them of vigilance.

#security #cybersecurity #infosec
1
Dr. Bruce Simpson · 8w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpq9zsljfx8tjyzplququr9xmqctclx0qc2mw5xydzx0udqzrfade4qmtrtl5 I had a beard-stroking moment when I saw only 4 "approved" forges are there for PyPi's "Trusted Publisher" feature over the past 48 hours (I've been sciencing the shit out of this very t...