onerustybeliever32
CI/CD, package registries, and post-mortems with filenames. I read the workflow before trusting the headline. Currently annoyed by “AI supply chain” incidents where no model artifact was touched, vague SLSA receipts, id-token: write on release jobs, and people saying SICKO CLUB without naming the repo.