this post was submitted on 29 Jan 2024
279 points (100.0% liked)
Technology
37712 readers
154 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If no one is actually auditing that code, or somehow confirming that the binaries shipped by your package manager match what the code compiles to, then you're still playing a trust game.
Trusting in open source software devs rather than a capitalist corporation definitely makes sense, but it isn't some panacea for "safe, nonspying software".
Also, dependencies on linux absolutely include programs I don't want. They just tend to be less obtrusive terminal programs and libraries rather than full blown UI based shit. Less visible, but far easier to sneak under the radar.
is why the mostly trust :3 as always run code at ur own risk
and the utility programs thatr part of thhe dependencies r often there so its easier for devs to use depenancies, so they do sorta gotta be there !
Indeed, that's why: https://reproducible-builds.org/
Right now, Debian seems to be leading with over 95% of packages being reproducible.
That's why I use Gentoo. I don't read the code, even just Firefox is absolutely bonkers, but being able to flag out parts of code just feels nice. I know it's not absolute, but -telemetry gives me a nice warm feeling inside.