HackerTrans
トップ新着トレンドコメント過去質問紹介求人

codedrift_

no profile record

コメント

codedrift_
·10 か月前·議論
> To achieve this, we require that packages are built on a trusted CI/CD platform

Given what happened with NX [1], I'm hoping GitHub Actions disallows certain types of commands in their YAML. Otherwise we still have a straightforward way to attach provenance to malicious code. =\

1: https://x.com/adnanthekhan/status/1958722939534417989