Is the theory here that the browser cannot be co-opted to infect web-based repositories? Also: thinking of how yt-dlp can integrate with browser cookies now and the malware paths that opens up. (This is part of why Chrome wants HSM cookies, I expect: DRM and opsec!)

▲

_pdp_ 3 hours ago | parent [-]

In this scenario the malware will not be on the device but in an isolated dev environment on a remote machine. So it will have access to whatever was configured in that repo but hopefully the project is isolated enough to ensure containment and prevent cross-pollination.

	▲	repelsteeltje 2 hours ago \| parent \| next [-]
		I don't think the cloud (someone else's computer) is the best solution. The sanitation problem can be mitigated by compartimentization but the cloud aspect also adds brittleness and new attack vectors. Why not set up proper containers (or VMs) locally? And why not wait a little till local LLMs catch up? Maybe just a personal itch, but having your dev environment elsewhere feels so gross to me..
	▲	altairprime 2 hours ago \| parent \| prev [-]
		That’s a big, labor-expensive if.