Typical security issues in C++: why the GC isn't your enemy

rikki cattermole rikki at cattermole.co.nz
Thu Dec 15 15:37:24 UTC 2022


On 16/12/2022 4:19 AM, Siarhei Siamashka wrote:
> Any serious organization relying on DUB packages would have their own 
> local mirror of this stuff and also pin all dependencies to specific 
> commit hashes rather than version tags (after reviewing the code, 
> checking digital signatures, etc.).

We should have our own artifact repository as part of dub-registry.

That way we can pin versions to artifacts and not let people move things 
out from under other people's feet.

But yeah, lots of work that can be done to mitigate any potential issues.
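As an added illustration of the pinning practice discussed above (this is not code from the post, from dub, or from the dub-registry project), the following Python lint walks a dub.selections.json-style lock file and flags any dependency that is still selected by a floating version tag rather than a full commit hash, or whose repository is not served from an approved local mirror. It assumes dub's git-repository selection shape `{"repository": "git+<url>", "version": "<sha>"}`, and the mirror host `mirror.example.internal` and the sample entries are constructed for the example.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample lock file in a dub.selections.json-like shape (assumed format).
# "vibe-d" floats on a version tag, "silly" pins a tag from a non-mirror host,
# and only "mir-core" is pinned to a full commit hash on the internal mirror.
SAMPLE_SELECTIONS = """
{
  "fileVersion": 1,
  "versions": {
    "vibe-d": "0.9.5",
    "mir-core": {
      "repository": "git+https://mirror.example.internal/mirrors/mir-core.git",
      "version": "0123456789abcdef0123456789abcdef01234567"
    },
    "silly": {
      "repository": "git+https://github.com/example/silly.git",
      "version": "v1.1.1"
    }
  }
}
"""

# Full 40-hex SHA-1 only: abbreviated hashes can be made ambiguous by a
# malicious push, and tags/branches can be moved after review.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# Hypothetical allowlist of hosts the organisation mirrors and reviews itself.
ALLOWED_HOSTS = {"mirror.example.internal"}


def check_selections(text, allowed_hosts=ALLOWED_HOSTS):
    """Return {package: [problem, ...]} for every selection that is not
    pinned to a full commit hash on an approved mirror host."""
    data = json.loads(text)
    findings = {}
    for name, sel in data.get("versions", {}).items():
        problems = []
        if isinstance(sel, str):
            # Plain string selections are registry version tags, which the
            # registry or upstream can re-point or republish later.
            problems.append(
                "pinned to floating version %r rather than a commit hash" % sel
            )
        else:
            repo = sel.get("repository", "")
            ver = sel.get("version", "")
            if not FULL_SHA.match(ver):
                problems.append(
                    "version %r is not a full 40-hex commit hash" % ver
                )
            # Strip dub's "git+" scheme prefix before parsing the URL.
            url = repo[4:] if repo.startswith("git+") else repo
            host = urlparse(url).hostname
            if host not in allowed_hosts:
                problems.append(
                    "repository host %r is not an approved local mirror" % host
                )
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for pkg, problems in check_selections(SAMPLE_SELECTIONS).items():
        for p in problems:
            print("%s: %s" % (pkg, p))
```

Run it as a pre-merge check on the lock file; an empty result means every dependency resolves to an immutable artifact the organisation has already reviewed and mirrored.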

