DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Dependencies should be fetched directly from VCS

Quality: 7/10 Relevance: 9/10

Summary

A personal blog post arguing that dependencies should be fetched directly from version control systems to improve auditability and security. It contrasts Go's module system with RubyGems' publish-a-package model, discusses auditing challenges across Go, Ruby, and npm, and proposes ideas for more transparent, git-based dependency workflows.

🚀 Service construit par Johan Denoyer