Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mstdn.ca/users/gatesvp/statuses/112053048097878732">Gaëtan Perrault (gatesvp@mstdn.ca)'s status on Thursday, 07-Mar-2024 17:15:45 JST</a><a href="https://mstdn.ca/@gatesvp" title="gatesvp@mstdn.ca"><img src="https://gnusocial.jp/avatar/111265-48-20230415210533.webp" width="48" height="48" alt="Gaëtan Perrault" style="position: absolute; left: 0; top: 0;">Gaëtan Perrault</a><div><a href="https://mstdn.ca/@gatesvp/112053017839003282" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/202140" title="functionalscript@techhub.social">Sergey on FunctionalScript</a></li></ul></div></section><article><p><a href="https://techhub.social/@functionalscript" rel="nofollow noreferrer">@functionalscript</a> <a href="https://fosstodon.org/@nzakas" rel="nofollow noreferrer">@nzakas</a> </p><p>Then you have a Leftpad incident and Supply Chain attack. </p><p>So you start caching external repos and their dependencies. Then you start building them and running their tests and trying to keep them up to date... </p><p>And then, 🪄, you've basically reverse built a package manager. It's the only way to get the contracts you need from the code you use.</p><p>And that notion of contracts is with underpins all of this... /6</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2796318#notice-5549270">In conversation</a><time datetime="2024-03-07T17:15:45+09:00" title="Thursday, 07-Mar-2024 17:15:45 JST">about 9 months ago</time> <span>from <span><a href="https://mstdn.ca/@gatesvp/112053048097878732" rel="external" title="Sent from mstdn.ca via ActivityPub">mstdn.ca</a></span></span><a href="https://mstdn.ca/@gatesvp/112053048097878732">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Gaëtan Perrault (gatesvp@mstdn.ca)'s status on Thursday, 07-Mar-2024 17:15:45 JSTGaëtan Perrault
in reply to
- Nicholas C. Zakas
- Sergey on FunctionalScript
@functionalscript @nzakas
Then you have a Leftpad incident and Supply Chain attack.
So you start caching external repos and their dependencies. Then you start building them and running their tests and trying to keep them up to date...
And then, 🪄, you've basically reverse built a package manager. It's the only way to get the contracts you need from the code you use.
And that notion of contracts is with underpins all of this... /6
In conversationabout 9 months ago from mstdn.capermalink

Public

Embed Notice

HTML Code

Corresponding Notice