https://nesbitt.io/2026/03/12/reviewing-enisas-package-manager-advisory.html · 12 Mar 2026
Notes on ENISA's Technical Advisory for Secure Use of Package Managers.
https://nesbitt.io/2026/03/08/if-it-quacks-like-a-package-manager.html · 8 Mar 2026
Some tools waddle like package managers without learning to swim.
https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html · 4 Mar 2026
A survey of dependency cooldown support across package managers and update tools.
https://nesbitt.io/2026/03/02/transitive-trust.html · 2 Mar 2026
You trust your maintainers, who trust their maintainers, but do they trust their maintainers' maintainers?
https://nesbitt.io/2026/02/25/two-kinds-of-attestation.html · 25 Feb 2026
The oldest problem in computer science, but with toasters.
https://nesbitt.io/2026/02/24/reproducible-builds-in-language-package-managers.html · 24 Feb 2026
Verifying that a published package was actually built from the source it claims.
https://til.iainsimmons.com/posts/content-security-policy-reporting-endpoint · 15 Feb 2026
today iain learned: How to use the Content-Security-Policy Reporting endpoint for automatically logging/receiving CSP violations
https://nesbitt.io/2026/02/04/package-management-at-fosdem-2026.html · 4 Feb 2026
Summary of package management talks from FOSDEM 2026, covering supply chain security, attestations, SBOMs, dependency resolution, and distribution packaging across multiple devrooms.
https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes.html · 3 Feb 2026
A series of unfortunate events.
https://octet-stream.net/b/scb/2026-01-30-mie-soft-mode.html · 29 Jan 2026 · 🦋 Bluesky
30 January 2026 I wrote previously that I was having difficulty making Apple's Memory Integrity Enforcement feature do what it says on the tin. After getting some help from Eskimo on the developer forums I'm pleased to r...