Comment by fsflover

4 months ago

By which criterion? This sounds wrong.

https://madaidans-insecurities.github.io/linux.html

  • It's a different approach to security. There are no malicious apps in GNU/Linux repositories. (And yes, Linux security should be improved; I run Qubes on desktop)

    https://source.puri.sm/Librem5/docs/community-wiki/-/wikis/F...

    • >It's a different approach to security

      That's like saying using a hole in a wall is a different approach to security than putting a lockable door in a wall. Sure, no security is a different approach to security, but it's not an effective one.

      >There are no malicious apps in GNU/Linux repositories

      Maybe not intentionally malicious, but there have been bugs that can cause applications to act maliciously, such as deleting users' files. If an application gets exploited it could also do malicious things. Just because you trust the author of a program, that doesn't mean that sandboxing is pointless. Additionally, programs like the terminal are free for the user to run things like curl | sh, which can run malware, infecting the system and running wild since there is no security to stop it from doing almost anything.

      >Purism

      The wiki page pretty much says that they don't have privacy or security and don't have the resources to implement such features unlike Google or Apple. They also make some claims to try and pretend their platform is secure and private in order to help sell the Librem 5, a product they made with inferior privacy and security compared to Android.

    • > There are no malicious apps in GNU/Linux repositories.

      That's definitely not the case. There have been repeated cases of developers shipping malicious code which ended up in distribution package repositories. Defining malicious is difficult and incredibly privacy invasive behavior is often not considered to be malicious. That software is also generally being used without a mandatory app sandbox with a proper permission model, so it can access whatever it wants for the most part beyond self-imposed restrictions.

      There are similarly maintained package repositories for Android such as F-Droid. It adds the people doing packaging as trusted parties. Contrary to common misconceptions, Linux distributions and F-Droid are not meaningfully auditing/reviewing the upstream code and therefore not actually significantly reducing trust in the upstream projects. There are substantial delays for updates with how most are maintained, so that gives time for external parties to find issues, but it doesn't mean it won't be packaged and shipped anyway.
