Yep, I trust the obdev.at / Snitch guys.
I do wonder, however, whether they are sufficiently careful about their processes and their own machines to avoid a supply chain attack completely.
They must be a target for the various hacking groups out there.
This comment seems a bit confused.
A supply chain attack doesn't directly attack an end developer but rather a supplier of the developer. So who or what is the supplier in this case?
We have not detected a targeted attack yet. On the Mac side, we are safe: No dependencies on any third party libraries. Only Apple.
On the Linux side, there is no single big vendor such as Apple who provides all the necessary libraries. I have tried to choose reputable sources from crates.io only, but to be honest, I don't know a secure solution to the problem.
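One concrete, offline check for the "crates.io only" approach described in the reply above, as an added example (this is not code from obdev or the Little Snitch project, and it assumes nothing about their build): walk the `[[package]]` tables of a Cargo.lock and flag anything that did not resolve to the crates.io registry, any registry crate without a well-formed sha256 checksum, and any crate or version that is not on a human-reviewed allowlist. The lock-file text, the allowlist, the crate names and the checksums below are constructed sample data.

```python
"""Provenance audit for a Cargo.lock (added example, constructed sample data).

Three things a reviewer of a Rust dependency tree wants to know from the
lock file alone, before trusting anything further up the chain:
  * every non-workspace package resolved to the crates.io index (a git or
    path dependency pulled in transitively would otherwise go unnoticed),
  * every registry package carries a sha256 checksum, which is what makes
    `cargo build` refuse a tampered .crate file,
  * every package is pinned to a version someone actually reviewed.
"""
import re

CRATES_IO = "registry+https://github.com/rust-lang/crates.io-index"
SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


def parse_cargo_lock(text):
    """Minimal parser for the v3 Cargo.lock layout: a sequence of [[package]]
    tables with `key = "value"` lines and an optional `dependencies = [...]`
    list. Top-level keys such as `version = 3` are ignored."""
    packages, current, in_deps = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "[[package]]":
            current = {"name": None, "version": None, "source": None,
                       "checksum": None, "dependencies": []}
            packages.append(current)
            in_deps = False
            continue
        if current is None:
            continue
        if in_deps:  # inside a multi-line dependencies = [ ... ] list
            if line == "]":
                in_deps = False
            else:
                current["dependencies"].append(line.rstrip(",").strip('"'))
            continue
        key, _, value = line.partition(" = ")
        if key == "dependencies":
            if value.endswith("]"):  # inline list, e.g. `dependencies = []`
                current["dependencies"] = [d.strip().strip('"')
                                           for d in value[1:-1].split(",")
                                           if d.strip()]
            else:
                in_deps = True
            continue
        current[key] = value.strip('"')
    return packages


def audit(packages, allowlist, workspace_members):
    """Return a list of human-readable findings; an empty list means the lock
    file only contains reviewed crates.io releases with valid checksums."""
    findings = []
    for p in packages:
        key = f"{p['name']} {p['version']}"
        if p["name"] in workspace_members:
            continue  # built from our own tree, nothing to fetch
        if p["source"] is None:
            findings.append(f"{key}: path dependency outside the workspace")
            continue
        if p["source"] != CRATES_IO:
            findings.append(f"{key}: non-crates.io source {p['source']}")
        elif not (p["checksum"] and SHA256_HEX.match(p["checksum"])):
            findings.append(f"{key}: missing or malformed checksum")
        if allowlist.get(p["name"]) != p["version"]:
            findings.append(f"{key}: not on the reviewed allowlist")
    return findings


# Constructed sample lock file: one bad checksum, one git dependency and one
# crate nobody reviewed, mixed in with legitimate-looking entries.
FAKE_SUM = "0123456789abcdef" * 4  # placeholder sha256, not a real crate hash
SAMPLE_LOCK = f"""\
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "cfg-if"
version = "1.0.0"
source = "{CRATES_IO}"
checksum = "deadbeef"

[[package]]
name = "libc"
version = "0.2.150"
source = "{CRATES_IO}"
checksum = "{FAKE_SUM}"

[[package]]
name = "leftpad"
version = "0.1.0"
source = "{CRATES_IO}"
checksum = "{FAKE_SUM}"

[[package]]
name = "rand_core"
version = "0.6.4"
source = "git+https://github.com/example/rand_core?branch=main#0123456789abcdef0123456789abcdef01234567"
dependencies = [
 "cfg-if",
]

[[package]]
name = "myapp"
version = "0.1.0"
dependencies = [
 "libc",
 "leftpad",
 "rand_core",
 "serde 1.0.193",
]

[[package]]
name = "serde"
version = "1.0.193"
source = "{CRATES_IO}"
checksum = "{FAKE_SUM}"
dependencies = []
"""

# Hypothetical reviewed versions and the local workspace crate.
ALLOWLIST = {"cfg-if": "1.0.0", "libc": "0.2.150",
             "rand_core": "0.6.4", "serde": "1.0.193"}
WORKSPACE = {"myapp"}


def run_sample():
    return audit(parse_cargo_lock(SAMPLE_LOCK), ALLOWLIST, WORKSPACE)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

Wiring this into CI as a failing check is the useful part: a dependency bump then has to update the allowlist in the same change, so the diff a reviewer sees names every new crate and version, and a transitive crate that quietly switched to a git source shows up as a build failure rather than as a line buried in a regenerated lock file.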