tedunangst on June 23, 2023 | on: Millions of GitHub repos likely vulnerable to Repo...
What if there were some way to specify a difficult to forge checksum for your dependencies?
rrdharan on June 24, 2023
They could call it an SBOM...
codetrotter on June 24, 2023
I think tedunangst is referring to https://man.openbsd.org/signify.1
tedunangst on June 24, 2023
Even simpler than that, something like bsd ports distfiles checksums, or go.sum, or whatever. If you depend on something, you should know what that something is, and you should have some measure of it in your code/project.
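The go.sum-style "measure" the comment above describes, as an added example that is not code from the thread or from the Go project: a Go module digest is the sha256 of the lines "<sha256 hex of file>  <name>\n" for every file in sorted order, encoded as base64 with an "h1:" prefix. The sample files and the tampered copy are constructed here to show that a pinned digest catches a one-byte change in a dependency.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

var sampleModule = map[string][]byte{ // constructed sample dependency
	"go.mod": []byte("module example.com/dep\n\ngo 1.20\n"),
	"dep.go": []byte("package dep\n\nfunc Answer() int { return 42 }\n"),
}

// ModuleHash computes a go.sum-style "h1:" digest: sha256 over the lines
// "<sha256 hex of file>  <name>\n" in sorted name order, base64-encoded.
func ModuleHash(files map[string][]byte) (string, error) {
	names := make([]string, 0, len(files))
	for name := range files {
		if strings.Contains(name, "\n") { // a newline would let one file forge another's line
			return "", fmt.Errorf("file name %q contains a newline", name)
		}
		names = append(names, name)
	}
	sort.Strings(names)
	h := sha256.New()
	for _, name := range names {
		fileSum := sha256.Sum256(files[name])
		fmt.Fprintf(h, "%x  %s\n", fileSum, name)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(h.Sum(nil)), nil
}

// Verify recomputes the digest and compares it with the value pinned in the project.
func Verify(files map[string][]byte, pinned string) (bool, error) {
	got, err := ModuleHash(files)
	if err != nil {
		return false, err
	}
	return got == pinned, nil
}

func main() {
	pinned, _ := ModuleHash(sampleModule) // the value you would commit alongside the dependency
	tampered := map[string][]byte{"go.mod": sampleModule["go.mod"],
		"dep.go": []byte("package dep\n\nfunc Answer() int { return 41 }\n")}
	ok, _ := Verify(tampered, pinned)
	fmt.Println(pinned, "tampered matches pin:", ok) // false
}
```

A build that refuses to proceed when Verify returns false is the whole point of checking the pinned value into the repository.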
throwaway892238 on June 24, 2023
Like a SBOM
remram on June 24, 2023
Like a commit hash?