Good points. But what do you mean by 3: "lockfile poisoning attacks, by making them more complicated" — making the lockfiles more complicated?
Also, 4) Simpler to `git diff` the changes, when you have the source locally already :-)
> making the lockfiles more complicated?
Poor phrasing; I meant the attacks. Now you don’t just have a lockfile you need to sneakily modify, and the diff grows.
As to your second point, yes. It’s really a different feeling when you add one more package and suddenly have 215 new files to check in!