Comment by skydhash
3 months ago
That’s pretty much the definition. Auto updating is trusting the developer (Almost always a bad idea).
3 months ago
That’s pretty much the definition. Auto updating is trusting the developer (Almost always a bad idea).
Simply running the software means trusting the developer. But even then, do you really read the commits comprising the latest Firefox update? How would I review the updates for my cell phone? I just hit "okay", or simply set up auto updates.
I trust Debian, and I do trust Firefox. I also trust Node, NPM, and Yarn. But I don’t trust the myriad packages in some rando projects. So who I trust got installed by apt. Anyone else is relocated to a VM or some kind of sandbox.
So your issue isn't related to auto updates at all, not even "almost always".