undefined | Better HN

0 pointspractorz6mo ago0 comments

>In any case, if the choice is “frequent supply chain compromise, take it or leave it”, the answer is of course “leave it”.

There's another choice: vendor your dependencies and manually review and vet updates. That solves all your problems, no need for "trusted third parties", you are the one vetting it, only need to trust yourself.

0 comments

notTooFarGone6mo ago

You just make a problem that a couple of thousand people have to a problem for a couple of million.

Fix it early so the user does not have to deal with the complexity is most often the best approach.

j / k navigate · click thread line to collapse

0 pointspractorz6mo ago0 comments

>In any case, if the choice is “frequent supply chain compromise, take it or leave it”, the answer is of course “leave it”.

0 comments

notTooFarGone6mo ago

You just make a problem that a couple of thousand people have to a problem for a couple of million.

Fix it early so the user does not have to deal with the complexity is most often the best approach.

j / k navigate · click thread line to collapse