tempaccount420 a year ago

Distro package maintainers are not security researchers, they don't audit the code they maintain.

alkonaut a year ago | parent | next [-]

They do to some extent in the larger distros, but for proprietary/binary packages they don't have much chance anyway unless they are willing to do some pretty time-consuming forensics.

tempaccount420 a year ago | parent [-]

It'd be a gargantuan effort to do it for every package; most times it's just a version + hash update and maybe a test.

LtWorf a year ago | parent | prev | next [-]

I do, and I work at a security company. But thanks for knowing more about my life than myself, random internet person.

goodpoint a year ago | parent | prev | next [-]

This is false.

flomo a year ago | parent | prev [-]

Plus the app developers at least have some level of accountability. Like when JWZ got into it with Debian (can't link here). You might think you are running XScreensaver from the great Zawinski, but no you are actually running some weird fork from godknowswho, hopefully not Jia Tan.

ChocolateGod a year ago | parent | next [-]

XScreensaver is supposed to hide your desktop and Jia Tan is an expert at hiding things, so I think they'd be a perfect match.

tempaccount420 a year ago | parent | prev [-]

You got downvoted but yes, it's quite sad when distros release a package under the same name as the original but with their own set of patches. I think they should rename the package when they do that, even just a prefix/suffix with the distro name would be nice.

LtWorf a year ago | parent [-]

No user cares. If they cared they would be building everything from scratch :)