I find it hard to completely blame Github for this, but it's new to me that they allow username reuse: https://donatstudios.com/GithubsTotalSecurityFacepalm
Combined with rather dumb package managers which treat Github as part of their security model, that's gonna lead to security issues.
I guess it just goes to show how bad it is to rely on just URLs. A proper system relies on some form of cryptographic signing instead to indicate that the author of an artifact is indeed the owner of the expected key.
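To make the contrast concrete, here is an added example (not part of the original post, and not the code of Github or any real package manager) that models both fetch strategies side by side. A URL-only resolver accepts whatever is currently served at a repository path, so a re-registered username can swap the artifact unnoticed; a resolver that pins the original publisher's Ed25519 public key refuses the swapped artifact because the new account holder cannot sign under that key. The repository path `github.com/alice/widget`, the `Release` type, the key seeds and the artifact bytes are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Release is what a package index hands back for a dependency URL.
// Constructed for this example; it is not any real package manager's format.
type Release struct {
	URL  string
	Data []byte
	Sig  []byte // Ed25519 signature over SHA-256(Data) by the publisher
}

// keyFromSeed derives a deterministic Ed25519 keypair from a label so the
// example is reproducible. Real publishers generate keys from a CSPRNG.
func keyFromSeed(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("example-seed:" + label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// Publish signs an artifact digest with the publisher's private key.
func Publish(url string, data []byte, priv ed25519.PrivateKey) Release {
	digest := sha256.Sum256(data)
	return Release{URL: url, Data: data, Sig: ed25519.Sign(priv, digest[:])}
}

// FetchByURL models the package manager that treats the URL as identity:
// whatever is currently served there is accepted, whoever published it.
func FetchByURL(index map[string]Release, url string) ([]byte, error) {
	r, ok := index[url]
	if !ok {
		return nil, errors.New("not found: " + url)
	}
	return r.Data, nil
}

// FetchVerified pins the publisher's public key (obtained out of band, e.g.
// from a lockfile) and accepts only artifacts whose signature verifies under
// that key. A re-registered username cannot produce such a signature.
func FetchVerified(index map[string]Release, url string, pinned ed25519.PublicKey) ([]byte, error) {
	r, ok := index[url]
	if !ok {
		return nil, errors.New("not found: " + url)
	}
	digest := sha256.Sum256(r.Data)
	if !ed25519.Verify(pinned, digest[:], r.Sig) {
		return nil, fmt.Errorf("%s: signature does not verify under pinned key", url)
	}
	return r.Data, nil
}

// ScenarioResult records what each strategy did before and after username reuse.
type ScenarioResult struct {
	URLFetchAcceptedTakeover bool // URL-only fetch returned the new owner's artifact
	VerifiedAcceptedOriginal bool // key-pinned fetch accepted the real author's release
	VerifiedRejectedTakeover bool // key-pinned fetch refused the new owner's release
}

// RunScenario plays out username reuse: the original author publishes, a
// consumer pins their key, then the account name is re-registered by someone
// else who publishes under the same URL with their own key.
func RunScenario() ScenarioResult {
	const url = "github.com/alice/widget" // hypothetical repository path
	index := map[string]Release{}

	authorPub, authorPriv := keyFromSeed("original-author")
	genuine := []byte("widget v1.0: legitimate release") // constructed artifact
	index[url] = Publish(url, genuine, authorPriv)

	var res ScenarioResult
	got, err := FetchVerified(index, url, authorPub)
	res.VerifiedAcceptedOriginal = err == nil && bytes.Equal(got, genuine)

	// The name "alice" is now held by a different account with a different key.
	_, newOwnerPriv := keyFromSeed("new-owner-of-alice")
	swapped := []byte("widget v1.1: published by the new account holder") // constructed
	index[url] = Publish(url, swapped, newOwnerPriv)

	got, err = FetchByURL(index, url)
	res.URLFetchAcceptedTakeover = err == nil && bytes.Equal(got, swapped)

	_, err = FetchVerified(index, url, authorPub)
	res.VerifiedRejectedTakeover = err != nil
	return res
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

The hard part the example glosses over is how the consumer learns the right key in the first place: pinning on first use only helps if that first fetch happened before the name changed hands, which is why real systems distribute publisher keys through a channel independent of the hosting account.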