Dependency Confusion Attack - Dub affected?
andre at s-e-a-p.de
Thu Feb 11 14:01:38 UTC 2021
On Thursday, 11 February 2021 at 13:05:33 UTC, Jacob Carlborg wrote:
> I recently read this interesting article. Would Dub be
> affected by this? Based on what I could find in the Dub
> documentation, it looks like Dub would **not** be affected.
> According to the documentation Dub will try custom registers
> first, is that correct?
> /Jacob Carlborg
It is a good practice for companies to have all dub packages
mirrored to an internal dub registry / maven repository and let
the dub clients only connect to this internal registry.
In addition to security aspects, you can build your software even
without an internet connection.
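
One way to check that a client really is pinned to the internal registry as described in the reply above (an added example, not part of the original post and not code from the dub project). It assumes dub's `settings.json` keys `registryUrls` and `skipRegistry`; the host `registry.corp.example`, the sample documents and the function name are constructed placeholders, and the policy checked (`skipRegistry` must be `"standard"`, every registry host must be on an allow-list and use HTTPS) is this example's assumption.

```python
import json
from urllib.parse import urlparse

# Constructed sample settings.json documents (placeholder internal host).
WEAK = '{"registryUrls": ["https://registry.corp.example/"]}'
MIXED = ('{"registryUrls": ["https://registry.corp.example/",'
         ' "http://code.dlang.org/"], "skipRegistry": "standard"}')
HARDENED = ('{"registryUrls": ["https://registry.corp.example/"],'
            ' "skipRegistry": "standard"}')


def audit_dub_settings(text, internal_hosts):
    """Return a list of findings for one dub settings.json document.

    An empty list means the document matches the assumed policy:
    the default public registry is skipped and only allow-listed
    internal registries are configured, all over HTTPS.
    """
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"unparseable settings: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["settings root is not a JSON object"]

    findings = []
    # Without this, the default public registry stays available as a source.
    skip = cfg.get("skipRegistry", "none")
    if skip != "standard":
        findings.append(f"skipRegistry is {skip!r}, expected 'standard'")

    urls = cfg.get("registryUrls", [])
    if not isinstance(urls, list) or not urls:
        findings.append("no internal registry configured in registryUrls")
        urls = []
    allowed = {h.lower() for h in internal_hosts}
    for url in urls:
        parts = urlparse(str(url))
        host = (parts.hostname or "").lower()
        if host not in allowed:
            findings.append(f"registry outside allow-list: {url}")
        elif parts.scheme != "https":
            findings.append(f"registry not using https: {url}")
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("mixed", MIXED), ("hardened", HARDENED)):
        print(name, audit_dub_settings(doc, {"registry.corp.example"}))
```

Run it over each settings file a build host or developer machine actually loads; a clean result on one file says nothing about another file that may also be in effect.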