2Ara
Supply chain risks for OS packages
The risks of supply chain attacks on software libraries are well documented; however, I have not seen much on OS packages/dependencies. How important is it to both 1) pin OS dependencies (apt, rpm, etc.) and 2) host them in private repositori…
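As an added, constructed example (not part of the original post or any answer to it), here is a small POSIX sh check for the "pin OS dependencies" half of the question: it compares what is installed against a pinned version list and reports drift. Both the pin file and the `dpkg-query`-style inventory below are constructed stand-ins; in practice the inventory would come from `dpkg-query -W -f '${Package} ${Version}\n'` (or the equivalent `rpm -qa` query format).

```shell
#!/bin/sh
# Constructed example: detect drift between pinned OS package versions and
# what is actually installed, so an unpinned upgrade is caught at build time.

# Pin file, one "<package> <version>" per line (constructed sample values).
LOCKFILE=$(mktemp)
cat > "$LOCKFILE" <<'EOF'
openssl 3.0.2-0ubuntu1.15
curl 7.81.0-1ubuntu1.16
libc6 2.35-0ubuntu3.6
EOF

# Constructed stand-in for `dpkg-query -W -f '${Package} ${Version}\n'`
# output; note curl has drifted one patch level past its pin.
INSTALLED=$(mktemp)
cat > "$INSTALLED" <<'EOF'
openssl 3.0.2-0ubuntu1.15
curl 7.81.0-1ubuntu1.17
libc6 2.35-0ubuntu3.6
EOF

# check_pins LOCKFILE INSTALLED
# Prints one line per pinned package (OK, DRIFT or MISSING) and returns 0
# only when every pinned package is installed at exactly the pinned version.
check_pins() {
  lock=$1; inst=$2; rc=0
  while read -r pkg want; do
    [ -z "$pkg" ] && continue
    have=$(awk -v p="$pkg" '$1==p {print $2}' "$inst")
    if [ -z "$have" ]; then
      echo "MISSING $pkg (pinned $want)"; rc=1
    elif [ "$have" != "$want" ]; then
      echo "DRIFT $pkg installed=$have pinned=$want"; rc=1
    else
      echo "OK $pkg $want"
    fi
  done < "$lock"
  return $rc
}

# Non-zero exit is the signal a CI job would fail the build on.
check_pins "$LOCKFILE" "$INSTALLED" || echo "pin drift detected"
```

A mirrored or snapshotted private repository (the second half of the question) is what makes the pinned versions reproducibly installable after upstream moves on.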