Doesn't mean it's safe.

vunderba 12 hours ago | parent | next [-]

I didn't say it was. But having the source means you (and others) can vet the code if that's a concern.

moron4hire 12 hours ago | parent | prev [-]

Yeah, I would probably delete this updater if I were to try this: https://github.com/ramensoftware/windhawk/blob/main/src/wind...

▲

baq 12 hours ago | parent | next [-]

as opposed to any other updater on your system...?

> Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!

> Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.

— https://imgur.com/6wbgy2L (actually a tweet from someone else, but apparently it's private now)

▲

moron4hire 10 hours ago | parent | next [-]

It's actually not completely outside of my threat profile.

Honestly, with the prevailaince of ransomware attacks, unless you're a literal hermit, it shouldn't be out of anyone's threat profile.

	▲	baq 9 hours ago \| parent [-]
		Absolutely. Sufficiently capable LLMs can mass produce exploits against whole ecosystems; recent Anthropic post moves the risk needle from ‘theoretical’ to ‘realized’. Any auto-updating software is running a risk of its cdn and/or build forge being compromised. Scary times.

▲

10 hours ago | parent | prev [-]

[deleted]

▲

m417z 9 hours ago | parent | prev [-]

This is not an updater. Due to the sensitive nature of Windhawk, it has no auto-updating mechanism, only update notifications (this file is part of that).