Trust in Software Packages
Dan discusses the evolving landscape of software package management, highlighting the shift from trusted distributions to the complexities of modern package managers such as NPM and Helm. With applications now pulling in thousands of dependencies from unknown sources, he stresses the need for transparency through software bills of materials (SBOMs) as a basis for establishing trust. The conversation underscores the importance of awareness in managing dependencies, which can ultimately improve developer productivity.

Software Engineering Radio - the podcast for professional software developers
Episode 535: Dan Lorenc on Supply Chain Attacks