HackerTrans
トップ新着トレンドコメント過去質問紹介求人

cephi

no profile record

コメント

cephi
·3 か月前·議論
To provide some quick information (I implore others to correct me here):

- CachyOS packages should be coming from known, trusted CachyOS and Arch Linux maintainers. There is still potential for them or their original packages to get compromised (See XZ backdoor) however they are pulling source code from trusted sources so you can generally trust these as much as your trust the OS itself.

- AUR packages are a complete wild west. AUR packages are defined by PKGBUILD files and I highly recommend learning how to read PKGBUILDs and always reading them before installation and re-reading them when they are updated. PKGBUILDs for AUR packages can be treated as untrusted shell scripts and to a certain extent an arbitrary actor can make and upload any PKGBUILD to the AUR. Feel free to use them, but make sure A) they are downloading from trusted sources like the original git repo and B) they are running commands that are expected.

EDIT: Improved accuracy.
cephi
·5 か月前·議論
I may regret asking but what is your solution, then?
cephi
·5 か月前·議論
There's also the time they tried to kill the open-ness of SMTP
cephi
·6 か月前·議論
Oh! I wonder how I never noticed this before, thank you!
cephi
·6 か月前·議論
Sorry for the semi-off topic question but does anyone know if there is something similar for Rust or if there's a good starting point for building an FFI for Charm in Rust? I'm curious to know if I can integrate Charm into my existing projects because I absolutely love their tools!
cephi
·7 か月前·議論
If someone is going to get paid to build it anyway, I might as well be the one getting paid for it.