undefined | Better HN

0 pointsgritzko6y ago0 comments

...by adding a single point of failure?

0 comments

yarg6y ago

No, my thoughts are that we need better mechanisms to validate our dependencies.

So far I believe that Maven and NPM have failed to deliver on that front.

The dependencies being resolved from the code store provides a decent mechanism to resolve that issue.

But as long as it's being done on closed software, it's going to be hard to move towards a standard.

j / k navigate · click thread line to collapse

yarg6y ago

No, my thoughts are that we need better mechanisms to validate our dependencies.

So far I believe that Maven and NPM have failed to deliver on that front.

The dependencies being resolved from the code store provides a decent mechanism to resolve that issue.

But as long as it's being done on closed software, it's going to be hard to move towards a standard.

j / k navigate · click thread line to collapse