Except most of the attacks so far has not landed actually source code changes to git IIRC. They have targeting the release files directly.
Except most of the attacks so far has not landed actually source code changes to git IIRC. They have targeting the release files directly.
Software vulnerabilities are often not placed maliciously, and are present in the original source. If you don't patch them if discovered later, you'll be vulnerable to them.
Yes. Isn't that "giant PITA" is referring to here?
> your own repo reviewing and merging from upstream as needed. Would be a giant PITA though