Hacker News
by brockers 4288 days ago
The location of the package isn't what makes it safe (i.e. cross-site vulnerabilities and such) but that the package signature matches the published signature from the author. Then it doesn't matter where you download the package. Does Slackware do this verification for you?
1 comments

When did I ever say I wouldn't verify signatures? Does everyone here just assume that because I didn't spell it out that I wouldn't do that?

The only difference between me validating the source and building and installing it myself, and trusting apt to do all that for me, is that apt has been proven to be vulnerable. I'm not going to purposely install non-vetted code on my system, but now it's been proven that apt very well might do that. Again, how is a broken apt more secure than me manually vetting the source, when it comes to my own system?