OpenAI’s cert rotation move shows how fast supply-chain risk can hit the software trust root

MacBook

The most serious part of a software supply-chain attack is often what it could do to signing and release integrity, not just what package was compromised.