Comment by rdevilla
4 days ago
The TechCrunch article is my favorite piece on Spotify, and proves that LLMs will not save you from your own stupidity.
For years now the Spotify release team has been rotating their package signing key on every release. [0] This completely defeats the point of package signing, which is to assure you that the next release is coming from the same people as the last one. In Spotify's case this is impossible to ascertain, as one cannot easily distinguish a legit new signing key from Spotify from a supply chain attack.
With all this extra "intelligence" and productivity you would think such long-standing trivialities and security flaws would have been addressed by now. Not so if the humans driving those agents don't understand basic concepts or recognize a problem even exists.
Instead, merely, "fuck the Linux users."
I cancelled my Spotify long ago when music started disappearing from my library. Pirated music does not disappear.
[0] https://aur.archlinux.org/packages/spotify#comment-1048914
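The continuity argument in the comment above, as an added example that is not part of the original thread or of Spotify's packaging: a client pins the signing key from the previous release (trust on first use), accepts the next release only if it is signed by the pinned key, and treats a changed key as a compromise indicator unless the old key has signed a statement vouching for the new one. The `Release`, `Pin`, rotation-statement format and the sample versions are all constructed for illustration; the keys are generated on each run.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is a constructed stand-in for one package release: artifact bytes,
// the publisher's signature over them, and the key that made the signature.
type Release struct {
	Version   string
	Artifact  []byte
	Signature []byte
	Signer    ed25519.PublicKey
	// Rotation, when present, is a hypothetical "this key is my successor"
	// statement over Signer, produced by the previously pinned key.
	Rotation []byte
}

// Pin is the key the client trusted from the previous release.
type Pin struct {
	Key ed25519.PublicKey
}

// fingerprint gives a short, human-comparable identifier for a public key.
func fingerprint(pk ed25519.PublicKey) string {
	h := sha256.Sum256(pk)
	return hex.EncodeToString(h[:8])
}

// rotationMessage is the byte string the old key must sign to hand over
// trust to a new key (constructed format for this example).
func rotationMessage(next ed25519.PublicKey) []byte {
	return append([]byte("successor-key:"), next...)
}

// Verify checks one release against the current pin. It returns the pin to
// carry forward and a non-nil error when the release should not be trusted.
func Verify(pin Pin, r Release) (Pin, error) {
	if !ed25519.Verify(r.Signer, r.Artifact, r.Signature) {
		return pin, fmt.Errorf("%s: signature does not verify", r.Version)
	}
	if pin.Key == nil {
		// First release seen: trust on first use and pin the key.
		return Pin{Key: r.Signer}, nil
	}
	if pin.Key.Equal(r.Signer) {
		// Same publisher key as last time: continuity holds.
		return pin, nil
	}
	// Key changed. Accept only if the pinned key vouches for the new one;
	// otherwise a rotation is indistinguishable from a compromised publisher.
	if r.Rotation != nil && ed25519.Verify(pin.Key, rotationMessage(r.Signer), r.Rotation) {
		return Pin{Key: r.Signer}, nil
	}
	return pin, fmt.Errorf("%s: signing key changed %s -> %s with no rotation statement from the old key",
		r.Version, fingerprint(pin.Key), fingerprint(r.Signer))
}

// Scenario walks four constructed releases: two under key A, one rotated to
// key B with A's endorsement, and one under unrelated key C with no
// endorsement. It returns the per-release verification outcome.
func Scenario() []error {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	pubC, privC, _ := ed25519.GenerateKey(rand.Reader)

	mk := func(ver string, priv ed25519.PrivateKey, pub ed25519.PublicKey, rot []byte) Release {
		art := []byte("example-client-" + ver + ".tar") // constructed artifact
		return Release{Version: ver, Artifact: art, Signature: ed25519.Sign(priv, art), Signer: pub, Rotation: rot}
	}
	releases := []Release{
		mk("1.0", privA, pubA, nil),
		mk("1.1", privA, pubA, nil),
		mk("1.2", privB, pubB, ed25519.Sign(privA, rotationMessage(pubB))),
		mk("1.3", privC, pubC, nil),
	}

	var pin Pin
	var results []error
	for _, r := range releases {
		var err error
		pin, err = Verify(pin, r)
		results = append(results, err)
	}
	return results
}

func main() {
	for i, err := range Scenario() {
		fmt.Printf("release %d: %v\n", i, err)
	}
}
```

A publisher that rotates on every release and never signs a handover statement puts every client permanently in the last case, which is why per-release rotation makes the signature useless as a continuity check.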