Maintainer burnout and package security

added by DotNetKicks
5/29/2019 7:18:51 PM

At the end of the day, a determined attacker will get a malicious package in the package feed. Sometimes this is enabled by maintainer burnout. So what can we do? How do we mitigate this and provide security in depth?