• @this@sh.itjust.works
    link
    fedilink
    English
    192 months ago

    True, but I would think developers should at least be following it with the code they’re actually working on.

    • AwesomeLowlander
      link
      fedilink
      English
      -12 months ago

      It’s an imported library, since when are devs expected to be inspecting the source code of every library they import?

      • yessikg
        link
        fedilink
        52 months ago

        Since forever? Don’t you do security audits on the libraries you use?

        • AwesomeLowlander
          link
          fedilink
          English
          12 months ago

          One person from the team, maybe. You don’t have every single dev read every line of code in the libraries, which is what is being specified here