HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cephi

no profile record

comments

cephi
·il y a 3 mois·discuss
To provide some quick information (I implore others to correct me here):

- CachyOS packages should be coming from known, trusted CachyOS and Arch Linux maintainers. There is still potential for them or their original packages to get compromised (See XZ backdoor) however they are pulling source code from trusted sources so you can generally trust these as much as your trust the OS itself.

- AUR packages are a complete wild west. AUR packages are defined by PKGBUILD files and I highly recommend learning how to read PKGBUILDs and always reading them before installation and re-reading them when they are updated. PKGBUILDs for AUR packages can be treated as untrusted shell scripts and to a certain extent an arbitrary actor can make and upload any PKGBUILD to the AUR. Feel free to use them, but make sure A) they are downloading from trusted sources like the original git repo and B) they are running commands that are expected.

EDIT: Improved accuracy.
cephi
·il y a 5 mois·discuss
I may regret asking but what is your solution, then?
cephi
·il y a 5 mois·discuss
There's also the time they tried to kill the open-ness of SMTP
cephi
·il y a 6 mois·discuss
Oh! I wonder how I never noticed this before, thank you!
cephi
·il y a 6 mois·discuss
Sorry for the semi-off topic question but does anyone know if there is something similar for Rust or if there's a good starting point for building an FFI for Charm in Rust? I'm curious to know if I can integrate Charm into my existing projects because I absolutely love their tools!
cephi
·il y a 7 mois·discuss
If someone is going to get paid to build it anyway, I might as well be the one getting paid for it.