top | item 46815918

(no title)

sgc | 1 month ago

This is why I won't use random distros, even if they have better features. It's just one more point of failure, one more point of unnecessary trust. I would rather fight to deal with specific problems with specific apps on one of the handful of core distros with long histories.

discuss

Noaidi|1 month ago

Agreed, I just installed Fedora 43. I don’t even trust CachyOS at this point.

cromka|1 month ago

I feel like Cachy is even more fragile than Archlinux.

bsimpson|1 month ago

I feel this way about open source generally.

Lots of cool stuff that I happily use, but the bar to installing something that gets to see my password (OS, terminal, input handler, etc) is very high.

Not a popular take, but I'd rather run something from Valve or Google for the same reason. I trust there to be more vetting if a corporation is putting its reputation on the product than a toy I found on GitHub.

It's a bit of a myth that open source leads to more eyes on the software. Most people just install it and trust that somebody else did the audit.

Something with a vibrant community of maintainers? Maybe.

Something that's too big to personally audit but too small for that community? I'll pass.

yjftsjthsd-h|1 month ago

That's not an open source problem, though; that's a supply chain problem. Some random little proprietary freeware isn't better.

oliwarner|1 month ago

I'll take can be inspected over the alternative.

I agree, there are companies I'd trust but most software isn't made by Valve and Google. There are plenty of developers also not auditing their dependencies.