[ProgClub programming] Raspberry Pi 3 Model B+

Jedd Rashbrooke jedd.rashbrooke at gmail.com
Wed Jul 22 18:06:38 AEST 2020


On Wed, 22 Jul 2020 at 17:57, John Elliot V | ProgClub <jj5 at progclub.org>
wrote:

> On 22/7/20 7:52 am, Jedd Rashbrooke wrote:
> > Less risky - that's demonstrably not true.  If we were both using these
> > repositories with unattended upgrades enabled, we'd have avoided that
> > whole kerfuffle from a couple of months ago.
>
> You make a valid point. Still, when I add an APT source I give a third
> party (who I usually know almost nothing about) effectively root on all
> of my systems... you could understand me being somewhat uneasy about that.
>

 Are you assuming that every application you're using on your Ubuntu box
has been code-reviewed for vulnerabilities by Canonical?

 If so, you are mistaken.

 They take the code from upstream, package it, and put it on their
repositories.

 They may fiddle with some package metadata (description, depends,
suggests, etc), and perhaps occasionally backport patches for LTS releases,
but that would be the extent of it.

 The only effective difference between using salt from Salt's repositories
versus Ubuntu's is that the latter are guaranteed to be less current.
Usually this isn't terribly important -- but when it is important, it's
*very* important.

 j.
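
The unease quoted above is about how much trust each APT source carries. As an added example (not part of the original message), this Python script audits one-line sources.list entries and reports third-party sources that disable signature checks or are not bound to a single key with signed-by. The distro host list, the repo.example.invalid host and the keyring path are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts treated as the distribution's own archives.
DISTRO_HOSTS = {"archive.ubuntu.com", "security.ubuntu.com"}

# Constructed sample input; repo.example.invalid stands in for a vendor repository.
SAMPLE = """\
deb http://archive.ubuntu.com/ubuntu focal main universe
# deb http://old.example.invalid/apt focal main
deb [arch=amd64] https://repo.example.invalid/apt focal main
deb [signed-by=/usr/share/keyrings/vendor.gpg] https://repo.example.invalid/apt focal main
deb [trusted=yes] https://repo.example.invalid/unsigned ./
"""

# type, optional [options], URI, suite, then any components
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)(.*)$")


def audit_sources(text):
    """Return (line_no, uri, findings) for every third-party entry."""
    report = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        match = ENTRY.match(line)
        if not match:
            continue
        options = dict(
            opt.split("=", 1) for opt in (match.group(2) or "").split() if "=" in opt
        )
        uri = match.group(3)
        if urlparse(uri).hostname in DISTRO_HOSTS:
            continue
        findings = []
        if options.get("trusted") == "yes":
            findings.append("trusted=yes: signature verification is disabled")
        if options.get("allow-insecure") == "yes":
            findings.append("allow-insecure=yes: unsigned repository accepted")
        if "signed-by" not in options:
            findings.append("no signed-by: any key in apt's global keyring is accepted")
        report.append((line_no, uri, findings))
    return report


if __name__ == "__main__":
    for line_no, uri, findings in audit_sources(SAMPLE):
        print(f"line {line_no}: {uri}: {'; '.join(findings) or 'ok'}")
```

A clean report only shows the source is tied to one signing key; packages from it still run their maintainer scripts as root at install time.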