| ▲ | xeromal 4 hours ago |
| Yup, the only way to combat this as a small-time dev would be to turn off auto updates and make people build from source. |
|
| ▲ | m-schuetz 4 hours ago | parent | next [-] |
| Why would building from source be safer? Are you vetting every single line of third-party source code you compile and use? |
| |
| ▲ | g-b-r 3 hours ago | parent [-] |
| You're sure not vetting any byte of an executable, so building from source is safer. |
|
| ▲ | m-schuetz 38 minutes ago | parent [-] |
| Binaries or source, it's pretty much the same unless you thoroughly vet the entire source code. Malicious code isn't advertised and commented and found by looking at a couple of functions. It's carefully hidden and obfuscated. |
|
| ▲ | tjwebbnorfolk 4 hours ago | parent | prev [-] |
| yea `curl <url> | gcc` is much safer... |
| |
| ▲ | trympet 3 hours ago | parent [-] |
| Security through ..rarity? Maybe not for nation state actors though. |
|