Here’s a good reason why you should pin to specific SHA hashes, not just release versions.
PrOtEcTiNg ThE sUpPlY cHaIn Is ImPoRtAnT tO uS. tHeReFoRe We NoW fOrCe 2Fa On YoU.
2FA isn’t a panacea and won’t solve every problem. It does help though. Why do you think supply chain integrity isn’t something they care about?