Comment by viraptor
5 days ago
It's not the packaging tech. Apt will typically mean a Debian-based distro. That means the packages are chosen by the maintainers and updated only during specific time periods and tested before release. Even if the underlying software gets owned and replaced, the distro package is very unlikely to be affected. (Unless someone spent months building trust, like xz.)
But the basic takeover... no, it usually won't affect any Debian-style distro package, due to the release process.
Given the years (or decades) it takes updates to happen in Debian stable, it’s immune to supply chain attacks. You do get to enjoy vulnerabilities that have been out for years, though.
> it’s immune to supply chain attacks
That's a strong statement that I can see aging very badly.
Security updates are basically immediate, even on stable flavors.