by codedokode
338 days ago

That's actually what Linux distributions provide free of charge: a list of verified packages. However, a sustainable solution would be a commercial vendor (like Kaspersky for example) providing a safe feed of packages on a paid basis.

That's true in the sense that distros tend to provide digital signatures. But we're talking about asserting the actual security of packages, not just that they were quickly looked at by a trusted party.
And again, that's not somehow blameworthy: they're providing significant value even without asserting the security of packages.
(And don't take my word for this: take it from the distro maintainers in this very thread, as well as elsewhere[1].)
[1]: https://www.reddit.com/r/linux4noobs/comments/1c6i3je/are_al...