19 points by spiros 3 hours ago | 2 comments

gnabgib
Discussion (205 points, 11 hours ago, 123 comments) https://news.ycombinator.com/item?id=48500447
sourcegrift
How hard is it to build a trust network system for these packages?