[dupe]

Actual post: https://github.blog/security/supply-chain-security/our-plan-... (https://news.ycombinator.com/item?id=45346445)