← Back to context

Comment by altairprime

13 hours ago

Assuming that the majority of repositories will be malware with SEO hooks, how would one locate a safe directory using only a search engine (as opposed to whispered tips from coworkers, etc)? I don’t see how proliferation of repositories improves things for users. (Certainly, it does serve up the usual freedom-from-regulation dreams on a silver platter, but that’s value-neutral from a usability perspective.)

2 comments

altairprime

Reply
rmccue  12 hours ago

The aggregators can choose who to index, and we operate one at fair.pm - the idea being that you only federate repositories that meet requirements, and can defederate those which are bad actors. (End users can install directly from repositories though, and can always switch the aggregator if they find the rules too restrictive - no lock-in.)

  • altairprime  9 hours ago

    What aggregators? How would I locate fair.fm? Is there a Whole Earth Guide to Repositories that’s human-curated? What is the published malware incidences and non-responses rate for each repository?