look, I get why y’all like the “supply chain” rhetoric, it helps you continue pretending that software security can be solved through capitalistic means
here’s the thing: I’ve run a manufacturing business before. I’m getting a second one going. Supply Chains are defined by an exchange of money for goods, with value-add steps in between. That’s it
Where’s the money, Lebowski?
Software packaging security is a social trust problem, which can’t actually be “solved” in a capitalist framework
@mattly I agree with what you said, but after boosting it, decided that I want to do a little "Yes, and...".
As in, yes, and as long as we live in a capitalistic society, for people to be able to be trustworthy, they need to be able to eat. Thus I see why some people are trying to solve the money issue - but github forcing 2FA is not really helping with the money, so ehh.