The worst thing about the Linux ecosystem is that nothing is signed.
If software were signed, we could easily have a secure enclave. We could finally start building an ecosystem where malware running on a computer would have a much harder time stealing npm/GitHub/PyPI tokens, SSH keys, and cleartext passwords in config files, like we've seen a lot lately. It doesn't fix everything, but it'd help a lot.
https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
Linked article (BleepingComputer): Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack.
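The gate the post is arguing for, reduced to its two halves, as an added example that is not part of the original post and not code from LiteLLM, PyPI or any real enclave: a publisher signs a package (name plus SHA-256 of its content) with Ed25519, and a secret store releases a token only to content whose signature verifies under a key the store already trusts. The key seed, package body and token value are constructed placeholders, and `SecretStore` is a model of the idea, not an interface to any real keychain or enclave.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedArtifact is what a publisher ships beside a package: its name,
// the SHA-256 of its content, and an Ed25519 signature over both.
type SignedArtifact struct {
	Name      string
	Digest    [sha256.Size]byte
	Signature []byte
}

// signedMessage binds the package name to its digest so a valid signature
// for one package cannot be reused for a different package name.
func signedMessage(name string, digest [sha256.Size]byte) []byte {
	return append([]byte(name+"\x00"), digest[:]...)
}

// Sign is the publisher side (for example a release pipeline).
func Sign(priv ed25519.PrivateKey, name string, content []byte) SignedArtifact {
	d := sha256.Sum256(content)
	return SignedArtifact{Name: name, Digest: d, Signature: ed25519.Sign(priv, signedMessage(name, d))}
}

// Verify is the consumer side: the content must match the signed digest and
// the signature must validate under a key the consumer already trusts.
func Verify(trusted ed25519.PublicKey, art SignedArtifact, content []byte) error {
	d := sha256.Sum256(content)
	if d != art.Digest {
		return errors.New("content does not match signed digest")
	}
	if !ed25519.Verify(trusted, signedMessage(art.Name, d), art.Signature) {
		return errors.New("signature not valid under trusted key")
	}
	return nil
}

// SecretStore models the enclave/keychain the post describes: it holds
// tokens and releases one only to code that passes Verify.
type SecretStore struct {
	trusted ed25519.PublicKey
	secrets map[string]string
}

func (s *SecretStore) Release(art SignedArtifact, content []byte, key string) (string, error) {
	if err := Verify(s.trusted, art, content); err != nil {
		return "", fmt.Errorf("refusing %q: %w", key, err)
	}
	v, ok := s.secrets[key]
	if !ok {
		return "", fmt.Errorf("no secret named %q", key)
	}
	return v, nil
}

// demoKeys derives a fixed Ed25519 key pair from a constructed seed so the
// example is deterministic; a real publisher keeps the seed offline.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize)
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// Demo signs a constructed package, then shows the gate releasing a token to
// the genuine content and refusing a copy with one line prepended.
func Demo() (granted string, tamperedErr error) {
	pub, priv := demoKeys()
	content := []byte("print('hello')\n") // constructed placeholder package body
	art := Sign(priv, "example-pkg", content)
	store := &SecretStore{trusted: pub, secrets: map[string]string{"pypi-token": "pypi-EXAMPLE-TOKEN"}}
	granted, _ = store.Release(art, content, "pypi-token")
	tampered := append([]byte("# tampered line\n"), content...)
	_, tamperedErr = store.Release(art, tampered, "pypi-token")
	return granted, tamperedErr
}

func main() {
	g, err := Demo()
	fmt.Println("genuine package got:", g)
	fmt.Println("tampered package:", err)
}
```

The two checks in `Verify` are deliberately separate: the digest comparison catches content that changed after signing, and the signature check catches an artifact signed by anyone other than the trusted publisher. Binding the name into the signed message is what stops a valid signature for one package from being presented with another package's name.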