On Thu, 4 Mar 2021 19:05:38 +0100
to...@tuxteam.de wrote:

> On Thu, Mar 04, 2021 at 11:16:25AM -0500, Celejar wrote:

...

> > I know I can't avoid the risk
> > entirely, but this is one of the reasons I try hard to limit my use of
> > software to stuff in the repos. I understand it's no magic bullet
> > against this type of thing, but in my (not very informed) judgment, it's
> > less likely to happen to stuff that Debian is vetting. I.e., I'm hoping
> > that all those hoops that Debian makes packages jump through, which
> > prevent stuff I do want from entering the repos, will work here in my
> > favor ;)
>
> That's my approach, too; but I realise that trust is, at the bottom,
> a social thing. Technology can only be a tool in this.
>
> The "classical" distro way is becoming more and more difficult; for
> "monsters" like Chrome, the distribution can't vet everything, and as
> software becomes more and more entangled (with version dependencies
> on the newest micro-version), people resort more and more to docker
> images, flatpaks and what have you.

Indeed. Recent example: I wanted to learn Kotlin and try some simple
Android development. Neither IntelliJ IDEA nor Android Studio are in
the repos, so I had to install them from upstream's tarballs and hope
for the best. I suppose I could have been more principled and installed
them to VMs or containers - maybe I should still reconsider and do that.

Celejar