by nijave
1204 days ago
I think in the case of Debian, packages are vetted and approved by repository maintainers before being hosted (the repository is curated). I think most application dependency repositories let anyone in and the onus is on the author and user to determine the legitimacy. I imagine it's easier to get people to mirror curated, signed packages than, effectively, random code.