the site basically enlisted everyone who used it into helping it become critical societal infrastructure, in the same way that Amber Alerts now include t.co links to x dot com accounts that require you to be signed in in order to read
and it was us who helped it get there, simply by participating
look, I get why y’all like the “supply chain” rhetoric, it helps you continue pretending that software security can be solved through capitalistic means
here’s the thing: I’ve run a manufacturing business before. I’m getting a second one going. Supply Chains are defined by an exchange of money for goods, with value-add steps in between. That’s it
Where’s the money, Lebowski?
Software packaging security is a social trust problem, which can’t actually be “solved” in a capitalist framework