this post was submitted on 17 Sep 2024
446 points (99.1% liked)

Open Source

31710 readers
253 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 3 months ago* (last edited 3 months ago) (3 children)

This is a bit absurd. I really don't think this is as serious as some comments say. Also there is a comment from AUR package manager which explains more details. . And even the blobs in the first post there are source and build instructions in their respective folder.

[–] [email protected] 20 points 3 months ago

And even the blobs in the first point there are source and build instructions in their respective folder.

No it is not. It is supposedly the built result based on the instruction provided. If they can just provide that instruction, why not provide the source as well?

The issue thread also highlights the stubbornness and hostility of the project maintainer toward possible contributors.

[–] [email protected] 13 points 3 months ago (1 children)

I firmly believe there are no backdoors or anything dodgy going on here

OK but that's hardly reassuring.

[–] [email protected] 6 points 3 months ago

Not suspicious at all.

[–] [email protected] 12 points 3 months ago

That linked reply doesn't explain anything. It just says "bro trust him". Just because you and the AUR maintainer says its trustful, does not make it clear whats behind the binary blobs. It doesn't matter what anyone says, if we can't verify. In my opinion, its absurd calling others absurd for not trusting the word of others.