| AT2k Design BBS's VADV-PHP Home |
|
|
AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages! You are not logged in. Login here for full access privileges. |
| Previous Message | Next Message | Back to Computer Support/Help/Discussion... <-- <--- | Return to Home Page |
|
||||||
| From | To | Subject | Date/Time | |||
|
LWN.net | All | [$] Dependency-cooldown discussions warm up |
April 23, 2026 6:40 AM * |
||
Efforts to introduce malicious code into the open-source supply chain have been on the rise in recent years, and there is no indication that they will abate anytime soon. These attacks are often found quickly, but not quickly enough to prevent the compromised code from being automatically injected into other projects or code deployed by users where it can wreak havoc. One method of avoiding supply-chain attacks is to add a delay of a few days before pulling upates in what is known as a "dependency cooldown". That tactic is starting to find favor with users and some language ecosystem package managers. While this practice is considered a reasonable response by many, others are complaining that those employing dependency cooldowns are free-riding on the larger community by letting others take the risk. https://lwn.net/Articles/1068692/ --- SBBSecho 3.37-Linux * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24) |
||||||
|
||||||
Computer Support/Help/Discussion... 
| Previous Message | Next Message | Back to Computer Support/Help/Discussion... <-- <--- | Return to Home Page |
Execution Time: 0.0131 seconds If you experience any problems with this website or need help, contact the webmaster. VADV-PHP Copyright © 2002-2026 Steve Winn, Aspect Technologies. All Rights Reserved. Virtual Advanced Copyright © 1995-1997 Roland De Graaf. |