
> Unfortunately, depending on an open-source tool to do this is a double-edged sword if it had these features, because we would be opening the risk of supply-chain attacks -- malicious actors getting commits into the repository code which cause the program to send your data elsewhere -- or worse, deplete accounts' funds.

This is FUD. You’re describing open-commit, which I don’t think anyone does. Open source is not more susceptible to supply chain attacks than closed source software.


