Email or username:

Password:

Forgot your password?
Hector's posts Post Back to profile
Top-level
Akseli :quake_verified:​ :kde:

@marcan my point is that when downloading something from package manager it has likely way less chance to delete my home folder than piping a script to bash, due to more excessive testing and wider usage.

But in general i agree with your argument, when it comes to security nobody really cares, they just want to get things done.

23 May at 11:11 | Wall-to-wall | Open on scalie.zone
2 comments
Hector Martin

@aks I don't see how something coming via package manager means it gets wider testing. It might, or might not, mean it gets a few more eyeballs, if it was packaged by a third party.

But we are shipping an OS. We *are* the package manager. If you don't trust us not to screw up then it doesn't matter how the download works.

23 May at 11:52 | Open on social.treehouse.systems
Akseli :quake_verified:​ :kde:

@marcan Not critiquing how you do it, nor saying what i think is "correct", was more a feeling thing. :) Perceived security vs actual security.

I always read the script anyway, but more for the curiosity than for the verification. And i understand your usecase for it!

23 May at 11:56 | Open on scalie.zone
Go Up