Mastodon Feed: Post

Reblogged by cstanhope@social.coop ("Your friendly 'net denizen"):

mattly@hachyderm.io ("Matthew Lyon") wrote:

look, I get why y’all like the “supply chain” rhetoric, it helps you continue pretending that software security can be solved through capitalistic means

here’s the thing: I’ve run a manufacturing business before. I’m getting a second one going. Supply Chains are defined by an exchange of money for goods, with value-add steps in between. That’s it

Where’s the money, Lebowski?

Software packaging security is a social trust problem, which can’t actually be “solved” in a capitalist framework