Package Managers are Evil
Domain: www.gingerbill.org
Tags: gingerbill, programming
gingerBill's thoughts on why package managers cannot be trusted.
Package managers download packages from a repository, work out their dependencies and try to resolve them, and then download those dependencies, and their dependencies, and their dependencies… and you can probably see where my criticism is going.
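The chain described above, as an added example that is not part of the original post or any real package manager: a small resolver walks a constructed registry to show how much code one `install` actually pulls in, then re-checks that transitive set against a lockfile of pinned version+hash pairs, which is the check that catches a package whose contents changed under an unchanged version number. All package names, contents and the registry layout are made up for the illustration.

```python
"""Transitive dependency resolution and lockfile verification (constructed example)."""
import hashlib
from collections import deque


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed registry as it looked when the project was first installed and the
# lockfile was written: name -> (version, package contents, direct dependencies).
REGISTRY_AT_LOCK_TIME = {
    "webapp-helper": ("1.0.0", b"webapp-helper 1.0.0", ["http-client", "json-utils"]),
    "http-client":   ("2.3.1", b"http-client 2.3.1",   ["tls-wrapper", "url-parse"]),
    "json-utils":    ("0.9.0", b"json-utils 0.9.0",    ["string-pad"]),
    "tls-wrapper":   ("4.0.2", b"tls-wrapper 4.0.2",   ["string-pad"]),
    "url-parse":     ("1.1.0", b"url-parse 1.1.0",     []),
    "string-pad":    ("3.0.0", b"string-pad 3.0.0",    []),
}

# The same registry today (constructed): identical names and version numbers, but
# the contents of one leaf dependency, four hops away from what we asked for,
# have been replaced.
REGISTRY_NOW = dict(REGISTRY_AT_LOCK_TIME)
REGISTRY_NOW["string-pad"] = ("3.0.0", b"string-pad 3.0.0 plus something extra", [])


def resolve_transitive(root: str, registry: dict) -> list:
    """Every package `root` pulls in, breadth-first, each name listed once."""
    order, seen, queue = [], {root}, deque([root])
    while queue:
        name = queue.popleft()
        order.append(name)
        for dep in registry[name][2]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return order


def write_lockfile(root: str, registry: dict) -> dict:
    """Pin name -> (version, sha256 of contents) for the whole transitive closure."""
    return {
        name: (registry[name][0], sha256_hex(registry[name][1]))
        for name in resolve_transitive(root, registry)
    }


def check_lockfile(root: str, registry: dict, lockfile: dict) -> list:
    """Re-resolve against the registry as it is now and report anything that no
    longer matches what was pinned: a package the lockfile never saw, a version
    bump, or (the interesting case) changed contents at the same version."""
    problems = []
    for name in resolve_transitive(root, registry):
        version, contents, _ = registry[name]
        if name not in lockfile:
            problems.append((name, "not in lockfile"))
            continue
        locked_version, locked_hash = lockfile[name]
        if version != locked_version:
            problems.append((name, f"version {locked_version} -> {version}"))
        elif sha256_hex(contents) != locked_hash:
            problems.append((name, "contents changed at same version"))
    return problems


if __name__ == "__main__":
    closure = resolve_transitive("webapp-helper", REGISTRY_NOW)
    print(f"asked for 1 package, got {len(closure)}: {closure}")
    lock = write_lockfile("webapp-helper", REGISTRY_AT_LOCK_TIME)
    print("problems vs lockfile:", check_lockfile("webapp-helper", REGISTRY_NOW, lock))
```

Without the hash column the lockfile would pass: every name and version still matches. Real tools expose the same idea (npm's `integrity` field in `package-lock.json`, pip's `--require-hashes`), but it only helps if the lockfile is committed and the install actually refuses to proceed on a mismatch rather than silently re-resolving.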
I discovered this through ThePrimeagen's video on LiteLLM's recent supply chain attack.