rlpb 5 hours ago

Debian has had a better "software supply chain" posture than any other player in the ecosystem since before the turn of the century. While we all face the risk of malware from upstream, Debian is the least at risk of being affected by it. See for example the stream of issues from npm et al. None of it has affected Debian.

suprjami 8 minutes ago | parent | next [-]

You do remember the xz-utils backdoor was found in Sid right?

https://en.wikipedia.org/wiki/XZ_Utils_backdoor

alkindiffie 5 hours ago | parent | prev [-]

> for example the stream of issues from npm et al.

Curious, what distros were affected by npm supply chain attacks?

throw_a_grenade 3 hours ago | parent [-]

It's npm that's affected, therefore it's not even considered when choosing a language/ecosystem for writing distro tools. You'll find no sane distro writing a package manager in JavaScript, precisely to avoid this joke of a supply chain.