For all the recent supply chain security attacks, I find it fascinating that C++’s standard package manager hasn’t been attacked. Tells you a lot that nobody is criticizing C++’s security right now!

@jfbastien this, but unironically.

The complexity of dependency management makes developers think carefully about every added one, therefore a tiny shell tool does not have 300 deps to build.

@jfbastien tbh it’s only a matter of time before Mythos finds a CVE in the /dev/null driver

@jfbastien
security == painful
C++ package management == painful
==> C++ package management == security?