asmaloney , 2 days ago @arstechnica It's not really a "supply chain" - it's a dependency. "supply chain" implies some kind of financial arrangement that simply doesn't exist when using a random person's git repo.
@arstechnica It's not really a "supply chain" - it's a dependency. "supply chain" implies some kind of financial arrangement that simply doesn't exist when using a random person's git repo.