Thoughts?

  • Square Singer@feddit.de
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    The risk is definitely not higher than the risk of some closed sorce dev smuggling something dodgy into a high profile project like e.g. Windows.

    That said, I would trust an unknown git repo about as much as I would trust some exe I found on a random website.