BTW, just to make it clear, in the case of jiratui you can also download from github repo directly and inspect the code if you wish :D
reply> they could also send it somewhere
replyRun JiraTui in a container / bubblewrap, and only allow it to connect to the Jira API host:port.
Wouldn’t that mean they could still exfiltrate it to another jira site they control?
reply