The many (many) ways I've backdoored your dependencies and other supply chain at

19 points by severine about 1 year ago

5 comments

OJFord about 1 year ago
So what do we do? I really think something like Firejail must be the way to go, but it's absolutely not ready for user-friendly prime time. And what do you do on macOS, or for every little tool like `ls` (where I want say filesystem access but not network).

It all seems a bit hopeless, I refuse to believe anyone who claims to audit everything and every update - and would they have caught xz's backdoor anyway?
boesboes about 1 year ago
Most of these points come down to: don't trust random shit from the internet and don't blindly pull it into your projects/env.
karma_pharmer about 1 year ago
Enable JavaScript and cookies to continue
mtmail about 1 year ago
"By now, you may have guessed that I didn't have literally backdoored your dependencies, but someone else may have, or will."
eureka-belief about 1 year ago
Broken link