6 Matching Annotations
  1. Apr 2021
  2. en.wikipedia.org en.wikipedia.org
    Defensive programming - Wikipedia
    1
    1. TylerRick 14 Apr 2021
      A good heuristic is to not trust the libraries you did not write either.
      trust/reliance/dependence on open-source libraries trust/reliance/dependence on third party trust: how do you know you can trust them/it? defensive programming
    Visit annotations in context

    Tags

    Annotators

    URL

    en.wikipedia.org/wiki/Defensive_programming
  3. Mar 2021
  4. www.chevtek.io www.chevtek.io
    Why I think "micro-packages" are a good thing.
    1
    1. TylerRick 12 Mar 2021
      he goes on to talk about third party problems and how you're never guaranteed something is written correctly or that even if it is you don't know if it's the most optimal solution
      how can you know? trust/reliance/dependence on third party trust/reliance/dependence on open-source libraries dependencies: trusting open-source dependencies: review the source code/diff before installing/updating vetting a dependency/library/framework
    Visit annotations in context

    Tags

    Annotators

    URL

    chevtek.io/why-i-think-micro-packages-are-a-good-thing/
  5. news.ycombinator.com news.ycombinator.com
    Micropackages and Open Source Trust Scaling | Hacker News
    2
    1. TylerRick 12 Mar 2021
      micropackages trust/reliance/dependence on open-source libraries to read
    2. TylerRick 12 Mar 2021
      I suspect you aren't seeing much discussion because those who have a reasonable process in place, and do not consider this situation to be as bad as everyone would have you believe, tend not to comment on it as much.
      silent majority tendency of people to only speak up when something is wrong/broken and be silent so long as everything is fine/working/tolerable trust/reliance/dependence on open-source libraries
    Visit annotations in context

    Tags

    Annotators

    URL

    news.ycombinator.com/item
  6. www.usenix.org www.usenix.org
    Untitled document
    2
    1. TylerRick 12 Mar 2021
      trust/reliance/dependence on open-source libraries npm ecosystem JavaScript ecosystem
    2. TylerRick 12 Mar 2021
      Unfortunately, this open nature also causes security risks, asevidenced by recent incidents of single packages that brokeor attacked software running on millions of computers.
      trust/reliance/dependence on open-source libraries
    Visit annotations in context

    Tags

    Annotators

    URL

    usenix.org/system/files/sec19-zimmermann.pdf