Reply to post: Re: 'a bare minimum would be forking'

You can resurrect any deleted GitHub account name. And this is why we have trust issues

Claptrap314 Bronze badge

Re: 'a bare minimum would be forking'

What you do here depends entirely on whether or not you can trust your infrastructure. If you have good test coverage on your code with signed updates from a reputable source, you in fact DO update your dependencies to latest by default, in many cases. (And if the build fails, rollback the dependency & create a ticket.) Otherwise, you poll your sources regularly daily (or more), and create a ticket when a new version becomes available. And by "you", I mean your integration pipeline.

Security is neither cheap nor easy, but we don't have to make life miserable for ourselves, either.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019