That’s pretty much the definition. Auto updating is trusting the developer (Almost always a bad idea).

Simply running the software means trusting the developer. But even then, do you really read the commits comprising the latest Firefox update? How would I review the updates for my cell phone? I just hit "okay", or simply set up auto updates.

▲

skydhash 5 days ago | parent [-]

I trust Debian, and I do trust Firefox. I also trust Node, NPM, and Yarn. But I don’t trust the myriad packages in some rando projects. So who I trust got installed by apt. Anyone else is relocated to a VM or some kind of sandbox.

▲

mr_mitm 5 days ago | parent [-]

So your issue isn't related to auto updates at all, not even "almost always"

	▲	skydhash 5 days ago \| parent [-]
		Apt doesn't autoupdate.

▲

5 days ago | parent | prev [-]

[deleted]