troupo a day ago
Repos and maintainers etc. are just a long unauditable supply chain [1]. And everyone is encouraged to blindly trust this chain with sudo access. It's worse than that. If your distro doesn't have some package, you're encouraged to just add PPA repos and blindly trust those. Quite a few companies run their own repos as well, and adding their packages is again `sudo add repo; sudo install`. Yes, it's not as egregious as just `curl | bash`, but it's not as far removed from it as you think.