Nearly 2000 packages affected now.

I’m starting to become sceptical of package managers as a concept.

  • insurgentrat [she/her, it/its]@hexbear.net
    19 days ago

    Yay is itself an unofficial piece of software with terrible security defaults such as not showing diffs by default. To install yay you go outside the official repositories; it is no more trustworthy than going to enthusiastsite.com and downloading some makewindowsawesome.exe

    The AUR is still a better solution than everyone (mis)managing their own systems and never updating anything but it is not vetted, it’s in the bloody name what it is.

    The rest is just social problems. If you’re not fit to audit code and have to rely on trusting maintainers, why would you expect removing them would make it better? Look at Windows for an indication of the ludicrous mess of out of date and vulnerable software or ransomware etc. that will happen.