Earlier today I asked a question on Twitter Holy cow that thread took on a life of its own. The question is easy enough, do we have any security data on pinning vs not pinning dependencies? We don’t, I know this, but I was hoping someone was working on something (I don’t think they are).Continue reading “Facts vs Feelings”