I really hate it when various packages expect users to add their custom repo. Especially for something where I don’t care about updates.
Feels like every little thing should be in its own docker container with limited filesystem access. Of course that is a whole lot of trouble…
The dependency trees in cargo/pip also greatly bother me.
VS Code extensions are also under appreciated. Some turd makes a “starter pack” for rust/python/etc with a great set of common extensions… plus a few that nobody has heard of… Over time, they reach 50k-100k downloads and start to appear legit… Excellent way to exfiltrate trade secrets!!!
Feels like every little thing should be in its own docker container with limited filesystem access. Of course that is a whole lot of trouble…
The dependency trees in cargo/pip also greatly bother me.
VS Code extensions are also under appreciated. Some turd makes a “starter pack” for rust/python/etc with a great set of common extensions… plus a few that nobody has heard of… Over time, they reach 50k-100k downloads and start to appear legit… Excellent way to exfiltrate trade secrets!!!