by goodpoint
1522 days ago
> Packagers not finding a backdoor doesn't mean that there isn't one.

Nice strawman there - when the alternative is trusting random strangers on github.

> How many packagers actively audit the code they support for a given distro?

Many, plus large companies do plenty of vetting and indemnification on popular distros. There are very large contracts involved in this. Do you think the typical bank installs random stuff from the Internet on their payment processors?

> Packagers have even introduced[1] vulnerabilities by "fixing" code they didn't fully understand at the time.

Another strawman. How many vulnerabilities have been prevented or fixed by packagers? Quite a good number.

> we're doing them no favors by being confused at what their job is.

Speak for yourself.