|
|
|
|
|
|
by habitue
766 days ago
|
|
|
This is too one size fits all. It's either "every package is untrusted" so the repo is useless, or it's "there's too many people to keep track of the trust level of" which is insecure. It's much harder to make a trust bet like that than, in principle, to make a local decision like "Hmm, why is the xz tool requesting access to the ssh port? That doesn't seem right" |
|
|