alt Hacker News>Why is it a bunch of mostly unpaid volunteer hackers are putting more effort into supply chain security than OpenAI.
To be frank. Because more effort doesn't actually mean that something is more secure. Just because you check extra things or take extra steps that doesn't mean it actually results in tangibly better security.
Exactly. Deterministic artifacts alone are not necessarily more secure and are tangential to a lot of what is being described in the blog post.
The blog is mostly focused on hardening the CI/CD pipeline.