ReuseLessSoftware
Summary
The article argues that cheap software distribution and automated build systems have increased supply chain risk. It proposes vendoring all dependencies into the project to serve as a hard firewall against supply chain attacks, and discusses trade-offs such as repo bloat and harder transitive dependency management, along with practical considerations and future directions.