Do we want to talk about the value of Distribution Curating in the context of Open Source Supply Chain Issues
The latest is
https://www.zdnet.com/article/hundreds-more-malicious-packages-found-in-npm-factory/
Unfortunately, I've seen this turning into generally negative stories
on open source supply chain reliability.
I think that Debian tends to have a great response to such supply chain
trust. Namely we build a community, and typically multiple people are
involved in getting software into Debian.
As a consequence, we aren't able to package everything.
But I think we are much less likely to run into these sorts of supply
chain attacks.
Mind, not impossible.
But I think it would be good to talk about the advantages of Debian in
this space.
Any thoughts/interest?
--Sam