by oblio
2586 days ago
I know, but with his model a random third party decides what's best for that software. That third party has screwed the security of the package on occasion (Debian being a famous example: https://www.schneier.com/blog/archives/2008/05/random_number...), has delayed package updates for years if not decades (I don't even need to provide an example, just do a diff of stable upstream versions and your favorite distro's package versions), has even broken packages on occasion, etc. And let's not forget the frequent cases where there's a personality clash between the upstream developer and a package maintainer... And this model also assumes that a package maintainer has the time or expertise to actually audit the code fully and correctly. Really bold assumption!