@whitequark @eevee @Tvorsk the biggest thing i don't like about this is that if i install a distro package i know it's gone through at least minimal vetting, and if upstream did something really heinous it's more likely to be mitigated
shipping everything with its dependencies means I have to trust every individual upstream and I'm not sure some are exactly worthy of trust. not endorsing any specific solution here though because I don't know one, but
shipping everything with its dependencies means I have to trust every individual upstream and I'm not sure some are exactly worthy of trust. not endorsing any specific solution here though because I don't know one, but