We don’t solve malicious code injected into packages by not re-using components just because s/o else wrote them.

If you have code in pull requests that you don’t know what it does, maybe we shouldn’t accept it? Maybe we shouldn’t rely on volunteers for critical infrastructure?
