Hacker News new | ask | show | jobs
by m4rtink 120 days ago
If the RPM/deb comes from a Linux distribution then there is a good chance there is a separate maintainer and the binary package is always built from the source code by the distro.

Also if the upstream developer goes malicious there is a good chance at least one of the distro maintainers will notice and both prevent the bad source code being built for the distro & notify others.
1 comments
pocksuppet 120 days ago
Browser extensions come from the Chrome/Firefox addon store, though and not through distros.
link
m4rtink 120 days ago
And maybe that's why we have the problem that is being discussed ? No third party that would audit and build extensions from source.
link
LtWorf 120 days ago
Everybody seems to hate distributions though.
link