Podcast: Play in new window | Download (40.8MB) | Embed

Subscribe: Apple Podcasts | Spotify | Email | RSS | More

While it’s nice to be able to pull in packages to do various things in our projects, we need to think long and hard about how we are going to maintain those dependencies over time, in particular in how they relate to security. Supply chain attacks on software components are only going to get worse over time.