by raesene4
3927 days ago
One important distinction to make is that this very much depends on what package manager you're talking about. Linux package managers tend to use signing and other mechanisms to check content. Software library package managers (e.g. npm, rubygems, etc.) generally don't. Some of them offer signing but almost no packages are actually signed, and they don't do any curation of content.