ateng | 2 years ago

> if you don't trust a provider, not only is it not safe to run the program, but it's also unsafe to install it

Isn't it the same for Windows right now? `.msi` and `.exe` can execute arbitrary code, right?

bee_rider|2 years ago

The only difference is that you usually trust the repo in Linux, but that’s a pretty significant “only thing,” in the sense that the repo is already the source of your whole system, so it better be trustworthy!

simiones|2 years ago

The "elegant" way of distributing 3rd party software for Linux is to ask the user to add your APT/RPM/[...] repo to their system. And most Linux distro maintainers anyway don't vouch for software in the main repos, beyond basic install-ability. The Debian project for example definitely doesn't do in-depth security analysis of every package in the repos: they just check the license, re-package it, and keep an eye on security updates in upstream.

jraph|2 years ago

Yes, absolutely.