| ▲ | efortis 2 days ago | ||||||||||||||||
Show them this Ken Thompson paper of 1984: "Reflections on Trusting Trust" https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref... And then hardware compromises… I don't mean install anything. I mean, it's not a problem particular to the JS ecosystem. | |||||||||||||||||
| ▲ | lrvick 2 days ago | parent [-] | ||||||||||||||||
I full source bootstrapped a Linux distro from hex0 all the way to nodejs binaries just to deal with trusting trust risks. "just give up" is not a valid strategy. | |||||||||||||||||
| |||||||||||||||||