• Possibly linuxOP
    9 months ago

    I think we need to focus on zero trust when it comes to upstream software.

      • Possibly linuxOP
        9 months ago

        It is fine to use them; just know how they work and check the commit log.

        That of course requires you to pull from git instead of a tarball.

            • billgamesh@lemmy.ml
              9 months ago

              I’m not an expert, but my reading was that it was hidden in a binary used for testing. EDIT: Oh yeah, I see what you mean.