top | item 46849925

(no title)

nextos | 28 days ago

Defense in depth. One compromised application may do a lot of harm if it has access to your keyboard inputs. Supply chain attacks are not that uncommon. While you can trust software developers, you cannot completely trust their builds.

discuss

its_ubuntu|28 days ago

[deleted]

nextos|28 days ago

I agree. I think fixing the keylogging issue should be possible without dumping the entire architecture. Perhaps the new X11 fork https://x11libre.net will achieve that? At least, it's encouraging to hear it's getting maintained.

Regarding (recent) supply chain attacks, Linux needs to take supply integrity and sandboxing more seriously. The tools to do so are there (e.g. Nix and firejail/bwrap) and, unlike Wayland, they play well with existing software.