Hot Take: This story will repeat (or at least rhyme) until our societies take funding open source seriously (and by that, I don't mean exclusively big name projects). https://github.com/dominictarr/event-stream/issues/116
-
Malicious dependency graphs are scary. Might make a decent case for languages to have more in the stdlib. Or perhaps major library usage.
-
But where should the line be drawn on denying merges based on a library not including enough code vs. reimplementing it? It feels like keeping the dependency graph small would be a big security win, but there is a security cost to reimplementation because it won't get updates.
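The two replies above argue about how big a dependency graph is acceptable, without a way to measure it. The script below is an added example (not code from the thread or from event-stream) that walks an npm `package-lock.json` (lockfile version 2 or 3, whose `packages` map is keyed by install path and carries `dependencies` and `hasInstallScript` per entry), resolves each dependency with npm's nearest-`node_modules` lookup, and reports the transitive closure from the root, the deepest nesting level, and every reachable package that runs an install script. The lockfile object `sampleLock` and all package names in it are constructed for illustration; run it against a real lockfile with `JSON.parse(fs.readFileSync("package-lock.json"))`.

```javascript
// Added example (not from the thread). Audits an npm package-lock.json v2/v3
// "packages" map: counts the transitive dependencies actually reachable from
// the root project and flags reachable packages with install scripts, which
// are the ones that execute code on `npm install`.

// Constructed lockfile for illustration; the package names are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "app-util": "^1.0.0", "left-pad-ish": "^2.0.0" } },
    "node_modules/app-util": { version: "1.0.0", dependencies: { "stream-helper": "^3.1.0" } },
    "node_modules/stream-helper": { version: "3.1.0", dependencies: { "deep-thing": "^0.1.0" } },
    "node_modules/deep-thing": { version: "0.1.2", hasInstallScript: true },
    "node_modules/left-pad-ish": { version: "2.0.0" },
    "node_modules/orphan": { version: "9.9.9" }, // present on disk, not reachable from root
  },
};

// Resolve `name` as required from the package installed at `fromPath`, using
// npm's lookup: the nearest node_modules/<name> walking up the path, ending at
// the top-level node_modules. Returns the lockfile key or null if absent.
function resolvePath(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Breadth-first walk from the root entry "" over the resolved dependency edges.
// Depth 1 = direct dependency, depth 2 = dependency of a dependency, and so on.
function analyzeLock(lock) {
  const packages = lock.packages;
  const depthOf = new Map([["", 0]]);
  const queue = [""];
  const installScripts = [];
  while (queue.length) {
    const cur = queue.shift();
    const deps = packages[cur].dependencies || {};
    for (const name of Object.keys(deps)) {
      const path = resolvePath(packages, cur, name);
      if (path === null || depthOf.has(path)) continue;
      depthOf.set(path, depthOf.get(cur) + 1);
      if (packages[path].hasInstallScript) installScripts.push(path);
      queue.push(path);
    }
  }
  const reachable = [...depthOf.keys()].filter((p) => p !== "");
  // Entries in the lockfile that nothing reaches: stale or suspicious, worth a prune.
  const unreachable = Object.keys(packages).filter((p) => p !== "" && !depthOf.has(p));
  return {
    transitiveCount: reachable.length,
    maxDepth: Math.max(...depthOf.values()),
    installScripts,
    unreachable,
  };
}

console.log(JSON.stringify(analyzeLock(sampleLock), null, 2));
```

The numbers this produces are the ones to put a budget on in CI: a pull request that raises `transitiveCount` or adds an entry to `installScripts` is the moment to ask whether the new package is worth it, which is the merge-time decision the reply above is asking about.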