@kyle this is a big reason I try to do as much as I can with the standard library of whichever language I’m using. Then when I do go to the larger package ecosystem I try to stick to those with minimal dependencies themselves. Doesn’t mean I am always successful, but at least it makes the task of auditing a little less daunting. Releasing everything I do publicly and with a libre license ought to help too.