by wpm
1194 days ago
Yeah, because I definitely double check the provenance of the 30 dependencies that blow past my terminal when I apt install something, that I also very much looked into and aren’t blindly typing commands from Stack Overflow into my terminal because I’m trying to solve some problem.

why would you? that's the package maintainer's job. each of these dependencies also has a maintainer, so by definition all dependencies have a provenance that is as good as the package you are installing.
this is not npm, where anyone can upload something and you have to check the provenance of each yourself