Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Same thing with Java Security Manager which is in the process of being removed with no replacement.

Unfortunately supply chain security is incompatible with developer convenience. At least not without a lot of work to make it bearable.

We will have to suffer through a lot worse attacks than now before people will take it serious (most developers likely never but governments will at some point intervene - see EU's CSA).



IDK what JSM looked like to use, but .NET permissions were in some ways arcane and sneaky.

Back then, you often just ran VS as local admin, supply chain attacks weren't a 'real' thing most of the time, so NBD.

So then you try to deploy your app, and discover the joys of signed assemblies.

And you -make absolutely sure- when you leave, you give instructions to rebuild the whole pipeline if need be.

TBH at least we knew there was the polite illusion of a sandbox...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: