undefined | Better HN

0 pointsxvilka1mo ago0 comments

There are always Chocolatey and Scoop.

0 comments

chii1mo ago

Why wouldn't those also become a target, if they would grow to be sizable?

And if they have prevention mechanisms, why can't existing supply chains be secured with similar prevention mechanisms, instead of funneling to a single package manager provider?

kijin1mo ago

The supply chain for Notepad++ updates was a PHP script on a shared hosting account pointing to the URL of an executable file.

Surely someone with more resources and more sets of eyes could do better than that? AFAIK nobody has compromised Debian's APT repositories and Red Hat's RPM repositories yet.

eterm1mo ago

These days there is Winget which I'd rather use than either of those.

j / k navigate · click thread line to collapse