**Jer Warren** @nyquildotorg@fedia.social · Feb 06, 2024, 00:43

**Jer Warren** @nyquildotorg@fedia.social · Feb 06, 2024, 00:43

Jer Warren @nyquildotorg@fedia.social

Feb 06, 2024, 00:43

Jer Warren @nyquildotorg@fedia.social

"Jer, it sounds like you just hate all package managers."

It just sounds that way because every goddamned one of them I have to interact with lets randos upload arbitrary shit that they didn't even write and then thousands of other people's packages suddenly depend on them.

**Jim** @sullybiker@sully.site · Feb 06, 2024, 00:48

**Jim** @sullybiker@sully.site · Feb 06, 2024, 00:48

Feb 06, 2024, 00:48

Jim @sullybiker@sully.site

@nyquildotorg Web of Trust Jer! Web of trust :)

**Jer Warren** @nyquildotorg@fedia.social · Feb 06, 2024, 00:50

**Jer Warren** @nyquildotorg@fedia.social · Feb 06, 2024, 00:50

Feb 06, 2024, 00:50

Jer Warren @nyquildotorg@fedia.social

@sullybiker I think we're saying the same thing: don't download packages from public package repositories, ESPECIALLY not in the process that deploys stuff to your site

**Jer Warren** @nyquildotorg@fedia.social · Feb 06, 2024, 00:50

**Jer Warren** @nyquildotorg@fedia.social · Feb 06, 2024, 00:50

Feb 06, 2024, 00:50

Jer Warren @nyquildotorg@fedia.social

@sullybiker what we have here is a web of trust: it anyone on the WEB can upload something, you can't TRUST it.

**Jim** @sullybiker@sully.site · 2024-02-06T00:58:55Z

Jim @sullybiker@sully.site

@nyquildotorg Yeah it is ripe for abuse and does get abused.

Feb 06, 2024, 00:58 · · Tusky · · ·

Resources

Developers

What is Mastodon?

sully.site

More…