Threat overview uses wrong terminology
eruvanos opened this issue
Maic Siemering commented
As mentioned under "Terminology", the term repository should exclusively be used to mean “source repository”.
The image included within "Supply chain threats" lists "G: Compromised package repo".
In my understanding this should be changed to: "G: Compromised package registry"
Ambiguous terms to avoid
Package repository: Could mean either package registry or package name, depending on the ecosystem. To avoid confusion, we always use “repository” exclusively to mean “source repository”, where there is no ambiguity.
Joshua Lock commented
Well spotted, thanks! And thanks for submitting a PR to fix it.