Not knowing that much about apt, isn't _any_ package system vulnerable, and purely a question of what guards are in place and what rights are software given upon install?

▲

viraptor 7 hours ago | parent [-]

It's not the packaging tech. Apt will typically mean a Debian-based distro. That means the packages are chosen by the maintainers and updated only during specific time periods and tested before release. Even if the underlying software gets owned and replaced, the distro package is very unlikely to be affected. (Unless someone spent months building trust, like xz)

But the basic takeover... no, it usually won't affect any Debian style distro package, due to the release process.

▲

trollbridge 6 hours ago | parent [-]

Given the years (or decades) it takes updates to happen in Debian stable, it’s immune to supply chain attacks. You do get to enjoy vulnerabilities that have been out for years, though.

	▲	alt227 4 hours ago \| parent \| next [-]
		> it’s immune to supply chain attacks Thats a strong statement that I can see aging very badly.
	▲	FergusArgyll 5 hours ago \| parent \| prev [-]
		Security updates are basically immediate, even on stable flavors