[someperson]

It's not just educational desktop environments: this issue affects Raspberry Pi OS Lite which is the primary operating system for Raspberry Pi's used in embedded and IoT applications. Some of which have automatic updates (called "unattended upgrades" in Debian parlance).

[pedroaraujo]

But this doesn't grant remote access to your system, and it's not like Microsoft will start shipping replacements of core packages over this repo.

[SecurityLagoon]

Technically it does grant another avenue of supply chain attack... but if Microsoft run mirrors are being compromised then we probably have much bigger issues than some raspberry pis.

[moistbar]

Considering the damage that can be done by botnets like Mirai, Raspberry Pis might be exactly what we should be worrting about.