pipo234 2 hours ago

But presumably, you only include dependencies that you trust and those dependencies themselves do their trusting more strictly than you. Trust is built on vetting, signatures and reputation. That is at least what we do, in theory. In practice, we cross fingers and let the LLM pick dependencies, are satisfied if it just works and we either update our deps frequently or infrequently.

jruohonen an hour ago

> Trust is built on vetting, signatures and reputation.

https://news.ycombinator.com/item?id=47017833

Well, now with an irony, but sadly, of course.

no-name-here an hour ago

Would Red Hat be considered a trusted/reputable vendor?