
Packages in the default repos for some large Linux distro are usually reviewed and tested by many people until they make it into updates for the current stable version, so while it's probably not entirely impossible for some malicious code to get in, it seems pretty unlikely. Unlike browser extensions, where the current owner can upload anything they want and it's pushed to the users without them even knowing.


How about `npm`, `pip`, `cpan`?...

We have seen bad updates breaking the entire JavaScript ecosystem, but they were not intentional.

All it takes to inject a bad dependency is a burned out developer willing to delegate his free project to someone else...



