Distro package maintainers are not security researchers, they don't audit the code they maintain.

alkonaut 4 months ago | parent | next [-]

They do to some extent in the larger distros, but for proprietary/binary packages they don't have much chance anyway unless they are willing to do some pretty time-consuming forensics.

	▲	tempaccount420 4 months ago \| parent [-]
		It'd be a gargantuan effort to do it for every package, most times it's just a version + hash update and maybe a test.

▲

LtWorf 4 months ago | parent | prev | next [-]

I do, and I work at a security company. But thanks for knowing more about my life than myself, random internet person.

▲

goodpoint 4 months ago | parent | prev | next [-]

This is false.

▲

flomo 4 months ago | parent | prev [-]

Plus the app developers at least have some level of accountability. Like when JWZ got into it with Debian (can't link here). You might think you are running XScreensaver from the great Zawinski, but no you are actually running some weird fork from godknowswho, hopefully not Jia Tan.

▲

ChocolateGod 4 months ago | parent | next [-]

XScreensaver is supposed to hide your desktop and Jia Tan is an expert at hiding things, so I think they'd be a perfect match.

▲

tempaccount420 4 months ago | parent | prev [-]

You got downvoted but yes, it's quite sad when distros release a package under the same name as the original but with their own set of patches. I think they should rename the package when they do that, even just a prefix/suffix with the distro name would be nice.

	▲	LtWorf 4 months ago \| parent [-]
		No user cares. If they cared they would be building everything from scratch :)