Selfhosted@lemmy.world · posted by versionc@lemmy.world · 15 days ago
Bitwarden CLI distributed through NPM has been compromised. Bitwarden Statement on Checkmarx Supply Chain Incident.
External link: community.bitwarden.com
79 comments · 405 upvotes · 3 downvotes

Comments

quick_snail@feddit.nl · 14 days ago · +5 / -1
A package manager that uses cryptographic signatures. Apt has had this since 2005, iirc. Use apt.

quick_snail@feddit.nl · 14 days ago · +2
Packages are reviewed by package maintainers.
Humans are required to solve a malicious insider. But most supply chain vulns of these shitty software dependency managers were resolved decades ago by freely available cryptography.

captcha_incorrect@lemmy.world · 11 days ago · +2
Apt is great, but it does not work with every language. As an example, you cannot use apt with Maven (Java) AFAIK.

quick_snail@feddit.nl · 11 days ago · +1
Oh boy. Maven is like the only language dependency manager that does signing tho!
You don’t need to use apt for Java. Just use Maven :)

captcha_incorrect@lemmy.world · 10 days ago · +2
Haha! Yeah, I don’t even know where to start if I wanted to use apt for this. I’ll stick with Maven for Java.