by solatic
2550 days ago
As pwnna pointed out, package size gives you away. The real way to protect against this, if it's genuinely part of your threat model, is to maintain a complete local mirror: you can't tell what is installed and at what versions if you simply download everything. And if it's actually part of your threat model, then you likely have a large enough install base that you need a local mirror for performance/non-security reasons anyway. So it's really a non-issue.