HackerTrans
TopNewTrendsCommentsPastAskShowJobs

codedrift_

no profile record

comments

codedrift_
·10 माह पहले·discuss
> To achieve this, we require that packages are built on a trusted CI/CD platform

Given what happened with NX [1], I'm hoping GitHub Actions disallows certain types of commands in their YAML. Otherwise we still have a straightforward way to attach provenance to malicious code. =\

1: https://x.com/adnanthekhan/status/1958722939534417989