I thought I’ll make this thread for all of you out there who have questions but are afraid to ask them. This is your chance!

I’ll try my best to answer any questions here, but I hope others in the community will contribute too!

  • jack
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    If that is a good tradeoff for you, old/broken packages but more trusted, then that’s okay. Btw, the xz backdoor was found so quickly it didn’t even ship to most distros in use, except for Debian Sid and Arch I think

    • bloodfart@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      I see it as a fantastic trade off. There are some packages I use that need to be more up to date than stable repos and I either install them from different repos or in a different way.

      And arch never even had the whole backdoor because they built from source and didn’t include the poison pill binary component from the attacker.