I had a job offering to develop exactly this about ten years ago. I rejected, someone else obviously didn't.https://twitter.com/Snowden/status/972110541408952320 …
-
-
I agree regarding shoddy checks and possibility of injection. But I see that on commercial/closed software nowadays almost any app implements their own update logic. And I'm pretty certain that most do even worse crypto/signing/checks than pacman/apt/emerge/…
-
How is that different from, say, npm?
-
Well, yes, I concur. That's a trainwreck. And I don't claim that open-source, in its current implemented form, is inherently better. But I believe (maybe erroneously) in commercial windows-software world it's currently *more* *prevalent* that everyone implements own updating.
End of conversation
New conversation -
-
-
I use FOSS and build from source on my own box, so how? This is where damn near total control is effective. It seems convenience is the basis for vast numbers of exploits/attacks.
-
Ever read "Reflections on trusting trust"? Also, BIOS implants, SMM backdoors.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.