this post was submitted on 19 Nov 2023
704 points (90.6% liked)

linuxmemes

20880 readers
7 users here now

I use Arch btw


Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 44 points 1 year ago (3 children)

Just use trusted repos πŸ‘
We have GPG for a reason.

[–] [email protected] 13 points 1 year ago (2 children)

There are a lot more ways to sneak malware into a system. Especially if some apps aren't being maintained anymore. Linux is definitely safer, but you shouldn't let your guard down

[–] [email protected] 8 points 11 months ago (1 children)

especially if you're a developer. There are a lot of shenanigans going on with malware npm packages that prey on easy typos. I imagine it's the same with other library installers for other languages too

[–] [email protected] 3 points 11 months ago

Funny you bring this up because it's exactly what I was thinking of. A million small packages and dependencies and who knows if the repos got hijacked

[–] [email protected] 3 points 1 year ago (2 children)

Okay, what happens if your repo doesn't have a specific software you are looking for? A trusted repo is good, but it won't have everything you might want. This is especially true for new software or less popular software.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

Install nix, flatpack, etc. ◉⁠‿⁠◉

[–] [email protected] 2 points 1 year ago

You audit the code