‘No Way To Prevent This,’ Says Only Package Manager Where This Regularly Happens (kevinpatel.xyz)
davel [he/him]@lemmy.ml to Programmer Humor@lemmy.ml · English · 1 day ago · 14 comments
cross-posted to: programmer_humor@programming.dev, programming@programming.dev

moonpiedumplings@programming.dev · 1 day ago
Yes, that is true. Though, even this remains problematic because cargo does execute build/compile time scripts, unsandboxed, that can be used to do malicious things, similar to the problems with npm.

locuester@lemmy.zip · 22 hours ago
But “you would have to reverse engineer binaries” is objectively false, since packages are source. I agree on your other point, but you really should edit the misinformation.