by aspaceman
1400 days ago

It could, but I can trust that no individual stepped in the middle of that process. I trust Rust to not put such a thing in their binary. I do not trust an arbitrary man in the middle, and it's trivial to modify a shell script. Without a checksum, I can't ensure the binary I'm piping through the shell is the binary they posted and built. Anyone can step in, modify a few lines, and get access to a large part of my system. The barrier to entry to add such capability to arbitrary binaries is outrageously high.

Not everyone uses Linux, and not every package can be audited by repo devs. It’s simply not scalable.