ra...@openmailbox.org skribis:
> A bad package could sneakily replace a core system library with, for
> example, insecure crypto code. So I think it is something that should
> be dealt with.
That’s really out of the threat model. The problem here is the
installation of an evil package in the fir
I was just thinking about the warnings you get after installing
packages:
warning: collision encountered
warning: arbitrarily choosing
because there are a lot of them and they generally don't matter or cause
problems I have learned to ignore them.. but I just spotted this
collision today:
/
