Thanks for the links. I am concerned about supply chain attacks and such with FOSS tools these days. It seems like the easiest attack surface. In my dev opinion it’s not if it’s when. Kinda sucks and I think the adversary is moving faster than the provider. (I have created and maintained public domain software but not currently. Now I’m crapping on the thread sorry. But no one else is sorry for crapping on threads…I need to stop over thinking or maybe just close this tab)