dave2wave commented on issue #312: URL: https://github.com/apache/tooling-trusted-releases/issues/312#issuecomment-3533414271
Since we are discussing package expansion of what are sometimes very large packages, we are likely going to need to consider zip-bomb-type expansion attacks. There are also SBOM analysis platforms to consider, to provide checks like use of dependencies that have been identified as malware.

-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
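The zip-bomb concern raised in the comment above comes down to never trusting an archive to tell you how big it will be. The following is an added example written for this page, not code from apache/tooling-trusted-releases, showing the shape of a bounded expander: a cheap pre-check over the central directory (declared sizes and compression ratio), then a streamed expansion that counts the bytes actually produced and aborts as soon as a per-entry or per-archive budget is spent. The limits, the 64 KiB floor below which ratio is not judged, the helper names and the sample archives are all assumptions constructed for the demonstration.

```python
"""Bounded expansion of an uploaded zip as a guard against zip-bomb style
attacks. Added example, not project code. Limits are illustrative
assumptions; size them from the largest legitimate artifact you accept."""
import io
import random
import zipfile

MAX_TOTAL_BYTES = 4 * 1024 * 1024      # assumed cap on bytes produced per archive
MAX_ENTRY_BYTES = 1 * 1024 * 1024      # assumed cap on any single entry
MAX_RATIO = 50                         # assumed cap on uncompressed:compressed
RATIO_CHECK_MIN_BYTES = 64 * 1024      # ratio judged only on entries this large
CHUNK = 64 * 1024


class ArchiveLimitExceeded(Exception):
    """Raised when expansion would exceed a configured limit."""


def precheck_headers(zf: zipfile.ZipFile) -> int:
    """Cheap first pass over the central directory.

    Declared sizes are attacker-controlled, so this pass only rejects
    obviously oversized archives early; it must never be the only check.
    Returns the declared total so callers can log it."""
    declared_total = 0
    for info in zf.infolist():
        if info.file_size > MAX_ENTRY_BYTES:
            raise ArchiveLimitExceeded(
                f"{info.filename}: declared entry size {info.file_size} exceeds limit")
        if info.file_size >= RATIO_CHECK_MIN_BYTES and info.compress_size > 0:
            ratio = info.file_size / info.compress_size
            if ratio > MAX_RATIO:
                raise ArchiveLimitExceeded(
                    f"{info.filename}: compression ratio {ratio:.0f}:1 exceeds limit")
        declared_total += info.file_size
        if declared_total > MAX_TOTAL_BYTES:
            raise ArchiveLimitExceeded("declared total size exceeds limit")
    return declared_total


def expand_bounded(data: bytes) -> dict[str, int]:
    """Expand archive bytes while counting what is actually produced.

    Each entry is streamed in chunks and expansion stops the moment the
    per-entry or per-archive budget is spent, so the headers are never the
    only thing standing between the service and a runaway inflation.
    Returns {entry name: bytes produced}; chunks are discarded here, a real
    expander would write them to their destination instead."""
    produced: dict[str, int] = {}
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        precheck_headers(zf)
        for info in zf.infolist():
            if info.is_dir():
                continue
            written = 0
            with zf.open(info) as src:
                while chunk := src.read(CHUNK):
                    written += len(chunk)
                    total += len(chunk)
                    if written > MAX_ENTRY_BYTES:
                        raise ArchiveLimitExceeded(
                            f"{info.filename}: entry exceeds limit while expanding")
                    if total > MAX_TOTAL_BYTES:
                        raise ArchiveLimitExceeded("total expanded size exceeds limit")
            if written != info.file_size:
                raise ArchiveLimitExceeded(
                    f"{info.filename}: produced {written} bytes, header declared {info.file_size}")
            produced[info.filename] = written
    return produced


def outcome(data: bytes) -> str:
    """'ok', or the reason the archive was rejected."""
    try:
        expand_bounded(data)
        return "ok"
    except ArchiveLimitExceeded as exc:
        return f"rejected: {exc}"


def make_zip(entries: dict[str, bytes]) -> bytes:
    """Build a deflated zip in memory from {name: payload} (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample archives.
BENIGN = make_zip({"README.md": b"hello\n", "src/app.py": b"print('hello')\n"})
# Under both size caps, but ~1000:1 compressible: only the ratio check sees it.
RATIO_BOMB = make_zip({"pad.bin": b"\0" * (256 * 1024)})
# A single entry whose declared size alone exceeds the cap.
OVERSIZED = make_zip({"big.bin": b"\0" * (2 * 1024 * 1024)})
# Ten incompressible 512 KiB entries: each passes alone, together they exceed the budget.
MANY = make_zip({f"part{i}.bin": random.Random(i).randbytes(512 * 1024) for i in range(10)})

if __name__ == "__main__":
    for name, archive in [("benign", BENIGN), ("ratio bomb", RATIO_BOMB),
                          ("oversized", OVERSIZED), ("many", MANY)]:
        print(f"{name}: {outcome(archive)}")
```

Two caveats a practitioner would want. First, a bomb can be nested (an archive inside an archive), so the same budget has to be applied recursively with a depth cap and charged against one shared total, not reset per level. Second, the ratio check is a heuristic: sparse or highly repetitive legitimate files can trip it, which is why the example only judges ratio on entries above a floor and relies on the hard byte budgets as the real backstop. Tarballs and gzip streams need the same streamed counting, and path traversal in entry names is a separate check not shown here.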
