
All these build dependencies don't introduce security risk?



Yes, they do. However, accepting pre-built binaries introduces even more risk.


Any basis for your assertion, please?

A binary infected with a malicious payload is more likely to be detected by antivirus or by manual checking of the signature/checksum, if the user cares to.

Infected build system? In the case of Linux distributions, there are maintainers and packagers responsible for their source and binaries. In the case of JavaScript, does anyone care?



