* https://nakedsecurity.sophos.com/2021/03/07/poison-packages-supply-chain-risks-user-hits-python-community-with-4000-fake-modules/#
  * https://people.kernel.org/monsieuricon/what-does-a-pgp-signature-on-a-git-commit-prove#
  * https://privsec.dev/posts/linux/desktop-linux-hardening/# SecuritY
  * https://www.bodden.de/pubs/dph+21identifying.pdf VulN