I mean.. how is this different from any OS distribution? Apple can push whatever. So can Red Hat or Ubuntu or Gentoo. Unless im literally running Linux From Scratch im at the mercy of maintainers to do whatever they want.
I'm not sure what the current state of most distributions is, but I remember update applications providing an option to accept or reject individual packages. Even without that, you could preview the list of pending updates and delay them indefinitely, do manual updates of individual packages, or configure it to ignore particular packages during updates. Historically, I believe that you could block certain updates on Windows as well - or maybe you could just rollback and update. Of course none of this is considered user friendly so things may have changed.
But where does the original compiler come from? Reproducible builds are only as good as the compiler used to compile them. That's the point of Trusting Trust. If you build with a backdoored compiler and I reproduce your build with the same backdoored compiler, that solves nothing. This is why full-source bootstrap is important[0].
There are a lot more distros than RH, Ubuntu, Gentoo and LFS. And none of them will show you ads except maybe Ubuntu. Plus you can also look at *BSD.
None of them comes close to what Microsoft is doing. To me, your comment looks like you do not understand the Linux eco-system. Plus IIRC, LFS can now come with compiled binaries.
> Apple can push whatever. So can Red Hat or Ubuntu or Gentoo
In the case of Ubuntu and Debian, and to a lesser extent RedHat, I trust the developers not to do that because they have a history of not "just pushing whatever".
Also in many cases I actually know these developers, and I can go round and ask them / remonstrate with them / put a brick through their window / other response if required about it.
"Ubuntu will apply security updates automatically, without user interaction. This is done via the unattended-upgrades package, which is installed by default."
And it went from unrealistic paranoia to 'like... obviously?' seamlessly.
It never was "you're paranoiac", it was "I don't care". Which still holds true when the providers don't abuse this power.
In 1985, there were no autoupdates/forced updates/or really any available updates that didn't come on physical media.
I mean.. how is this different from any OS distribution? Apple can push whatever. So can Red Hat or Ubuntu or Gentoo. Unless im literally running Linux From Scratch im at the mercy of maintainers to do whatever they want.
I'm not sure what the current state of most distributions is, but I remember update applications providing an option to accept or reject individual packages. Even without that, you could preview the list of pending updates and delay them indefinitely, do manual updates of individual packages, or configure it to ignore particular packages during updates. Historically, I believe that you could block certain updates on Windows as well - or maybe you could just rollback and update. Of course none of this is considered user friendly so things may have changed.
Provide a way to show that your compiled code is what you say it is.
https://wiki.debian.org/ReproducibleBuilds
But where does the original compiler come from? Reproducible builds are only as good as the compiler used to compile them. That's the point of Trusting Trust. If you build with a backdoored compiler and I reproduce your build with the same backdoored compiler, that solves nothing. This is why full-source bootstrap is important[0].
[0]: https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-...
1 reply →
There are a lot more distros than RH, Ubuntu, Gentoo and LFS. And none of them will show you ads except maybe Ubuntu. Plus you can also look at *BSD.
None of them comes close to what Microsoft is doing. To me, your comment looks like you do not understand the Linux eco-system. Plus IIRC, LFS can now come with compiled binaries.
> Apple can push whatever. So can Red Hat or Ubuntu or Gentoo
In the case of Ubuntu and Debian, and to a lesser extent RedHat, I trust the developers not to do that because they have a history of not "just pushing whatever".
Also in many cases I actually know these developers, and I can go round and ask them / remonstrate with them / put a brick through their window / other response if required about it.
Is that true? Can Ubuntu download and install and run new code without me doing anything? I am not sure that's the case.
Of course every time I run an update, they can install whatever. But that's different from what Windows is doing as I understand it...
"Ubuntu will apply security updates automatically, without user interaction. This is done via the unattended-upgrades package, which is installed by default."
https://documentation.ubuntu.com/server/how-to/software/auto...
1 reply →
I mean.. how is this different from any OS distribution?
The other OS distributions let you turn it off.