| ▲ | metaengies 3 hours ago | |
Actively destructive opinion article. I could not begin to understand the rationale. It takes 45 seconds to go check how old the copyfail and dirtyfrag vulnerabilities actually are. Which is longer than it takes to read TFA. Dirtyfrag may be relevant to systems from as far as 2017. It's not "new" software being affected. And actual old software is in a much worse state because we had a lot more time to find their problems. | ||
| ▲ | smallpipe 3 hours ago | parent [-] | |
OP is suggesting that a supply chain attack would be bad now, and to reduce that risk by not installing/updating NPM packages. | ||