1. 11

  2. 1

    Does this increase the chance of a supply chain attack? Was the manual way at all checking the quality of the code downloaded, or was it just as vulnerable?

    1. 2

      If I’m reading it right, this doesn’t even get the update into Sid, but into a new repo called Fresh. From there it would be much easier for the DM to pull into Sid and from there into a version someone might actually use, but the human isn’t out of the loop yet.