
Comment by xeromal

20 days ago

Yup, the only way to combat this as a small-time dev would be to turn off auto updates and make people build from source.

Why would building from source be safer? Are you vetting every single line of third-party source code you compile and use?

  • You're sure not vetting any byte of an executable, so building from source is safer.

    • Binaries or source, it's pretty much the same unless you thoroughly vet the entire source code. Malicious code isn't advertised and commented and found by looking at a couple of functions. It's carefully hidden and obfuscated.
