This repository was archived by the owner on Mar 5, 2021. It is now read-only.
This repository was archived by the owner on Mar 5, 2021. It is now read-only.
Vendor dependencies to manage risk of source compromise #24
Description
If one of the upstream providers injects malicious code, anyone who builds credulous from source will get it by default.
An alternative is to vendor upstream sources (by e.g. checking copies into this repo); this means that updates are pulled in by the Credulous team rather than automatically sent to anyone who builds from source.