Comments URL: https://news.ycombinator.com/item?id=47853762

Points: 1

# Comments: 0

Not using any new features from 1.26, so lowered the requirements for projects lagging behind a bit.

Comments URL: https://news.ycombinator.com/item?id=47841967

Points: 2

# Comments: 2

Context: I’ve been working in a regulated monorepo and realized that almost all existing supply chain tools assume you are a large enterprise with dedicated infrastructure.

The gap I found:

Scanners are reactive (they yell at you after the fact).

Artifactory/Nix are heavy (they require rebuilding your workflow or hosting servers).

I wanted something in the middle. The idea is a lightweight CLI that acts as a local proxy to gate npm/cargo/go requests against policies stored directly in git. It forces "lockfile intent" (what the dev wants) to match "security policy" (what the repo allows) before the package hits the host.

The mechanism I'm most interested in feedback on is the enforcement logic: sbom check --policy-from=origin/main

This allows the CLI to judge the "crimes" on your feature branch against the "laws" defined in main. It effectively prevents a developer from un-banning a vulnerable package in the same PR that introduces it.

Does this "local proxy" approach feel like the right middle ground to you, or is the overhead of a proxy too much for a daily driver?

Comments URL: https://news.ycombinator.com/item?id=46531077

Points: 3

# Comments: 1

Questioning whether someone was the right fit for a role isn't an attack on their legitimacy or their earlier contributions, no matter how pivotal they were. Steve Ballmer at Microsoft had a quasi-founder status, and he received the exact same backlash and hate throughout his tenure because he was perceived as someone who "didn't get it".

If the argument is that any skepticism of a female CEO's performance must be sexist, that shuts down legitimate discussion. I'd rather focus on outcomes rather than on trying to divine each other's motives.

Lastly, Your "pause and do better" is exactly what I'm objecting to: framing disagreement as moral failure. Question Baker? Sexist. Disagree with me? You're not doing enough for the cause.

Founders don’t face any competition when they get the job at their own companies, and they often have ownership to force it as an outcome if there’s ever a debate.

Baker, to her credit, probably faced brutal competition to get to the top job. It’s not out there to wonder why she was picked, and the answer cannot be because « she was there from the beginning ».

HN tends to like people who have a certain understanding of product and technology. Baker’s legal background probably didn’t help put forward her other skills, hence the questions.

If the argument is based on trends your personally noticed on HN, then I’m afraid there’s not much to discuss.

I find the accusations of sexism towards anyone who dares question her as excessive as some of the comments that were made towards her.

Comments URL: https://news.ycombinator.com/item?id=46291292

Points: 1

# Comments: 0

The App Store is packed with apps because developers saw an opportunity and wanted to seize it. Everyone's in it because it serves their interests.

It's rather obvious that problems started when Apple decided to build a services business the size of a F100 company by directly and unfairly competing with said developers, unchained from all the constraints and costs they impose on them.

They were included in the experimental packages on google.com/x.

Consider that some banks are hundreds of years old and have commercial relationships that span well over a century, long pre-dating the modern financial system and the considerations we're discussing.

How is the cash I deposit from the dividends I earned originate from a loan? How about the community banks that purchase gold from their customers?