Less is safer: how Obsidian reduces the risk of supply chain attacks