-
Hallå Kitteh (clacke)'s status on Tuesday, 06-Feb-2018 01:38:17 UTC
> Increasing reliance on open-source frameworks like React means engineering and security teams can’t just worry about their company’s own code. It has to mingle with changes to open-source projects that can cause unforeseen trouble. It’s like if the ingredients in one of your prescription drugs subtly changed, so your preferred over-the-counter pills suddenly caused a dangerous interaction.
https://techcrunch.com/2018/02/05/mixpanel-passwords/
Ugh. Is this writer aware that you can rely on Other People's Code without even having the freedom to view and change the source code? How is that better? Then you probably won't even discover an issue like this.
-
INACTIVE (deadsuperhero)'s status on Tuesday, 06-Feb-2018 03:20:47 UTC
@clacke @Gargron This argument sounds totally dumb when applied to the entirety of Open Source. This kind of thing really only happens when you have a widely-used project with maybe 3 contributors who all hold domain-specific knowledge.
Or you're doing dumb shit in the NPM ecosystem.
-
Annah (maiyannah)'s status on Tuesday, 06-Feb-2018 13:27:49 UTC
@deadsuperhero @gargron @clacke Something something leftpad