Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
tempaccount420 14 hours ago

Distro package maintainers are not security researchers, they don't audit the code they maintain.

alkonaut 13 hours ago | parent | next [-]

They do to some extent in the larger distros, but for proprietary/binary packages they don't have much chance anyway unless they are willing to do some pretty time-consuming forensics.

tempaccount420 an hour ago | parent [-]

It'd be a gargantuan effort to do it for every package, most times it's just a version + hash update and maybe a test.

LtWorf 8 hours ago | parent | prev | next [-]

I do, and I work at a security company. But thanks for knowing more about my life than myself, random internet person.

goodpoint 13 hours ago | parent | prev | next [-]

This is false.

flomo 13 hours ago | parent | prev [-]

Plus the app developers at least have some level of accountability. Like when JWZ got into it with Debian (can't link here). You might think you are running XScreensaver from the great Zawinski, but no you are actually running some weird fork from godknowswho, hopefully not Jia Tan.

ChocolateGod 13 hours ago | parent | next [-]

XScreensaver is supposed to hide your desktop and Jia Tan is an expert at hiding things, so I think they'd be a perfect match.

tempaccount420 an hour ago | parent | prev [-]

You got downvoted but yes, it's quite sad when distros release a package under the same name as the original but with their own set of patches. I think they should rename the package when they do that, even just a prefix/suffix with the distro name would be nice.