| ▲ | delta_p_delta_x 5 hours ago | |
> Linux won't ever do this BS. Arch Linux's AUR was recently hit by an actual malware supply-chain attack[1], which I would claim is arguably worse than adware. NPM is regularly in the news for supply-chain attacks. And then there was the XZ utils debacle in 2024. I concede that Microsoft is in part responsible for facilitating something like this, but just because something is free and open-source or based on Linux doesn't make it a universal panacea for malware or supply-chain pwnage. [1]: https://lists.archlinux.org/archives/list/aur-general@lists.... | ||