Multiple package managers are trying to move to ssh keys and other stronger forms of verification, as well as trying to outlaw binary tarballs and other such things. It's somewhat slow going: package owners sometimes get grouchy about this and drag their feet.
Which is wild; we're coming full circle. Everyone made these things easy to publish to so we could onboard newbies faster, but then we all figured out that sacrificing security to save someone 10 minutes of reading was a bad idea.
Don’t get me started on everyone being [email protected]…