Does Mason have any options to reduce the risk of supply chain attacks or does it just rely on upstream mechanisms?
For example, in mise I can use the `install_before` setting to prevent updates until the package has been out for a number of days: https://mise.jdx.dev/configuration/settings.html#install_before. By setting it to `7d`, for example, I give the open-source-o-sphere plenty of time to spot the attacks and pull the code.
Thanks.