by _xivi
1019 days ago
> The maintainers can be compromised though. Is every single version of every single "vetted" package / maintainer also vetted?

Pretty much, packaging is not a brainless process. One of the efforts that specifically targets this is the Reproducible builds project [0], along with many other security measures set by each distro. There are also usually multiple testing and updates rolling stages.

The best evidence of how effective these measures are is their actual reputation and record on the ground.

[0] https://reproducible-builds.org/