• pazukaza@lemmy.ml
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      Actual question. Isn’t installing stuff from third party repos like super dangerous? The package scripts run with root access, right?

      So, I guess you could tell if the hash of the package matches the hash of the code after you build it… But, what about upgrades on that package after it is installed? They could change the setup scripts and screw a lot of people right?

      Not saying these guys do it, just wondering about security stuff.

      • whou@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        quote stolen directly from the repo:

        “Science isn’t about WHY. It’s about WHY NOT. Why is so much of our science dangerous? Why not marry safe science if you love it so much. In fact, why not invent a special safety door that won’t hit you on the butt on the way out, because you are fired.” — Cave Johnson (Portal 2)

      • darcy@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        ideally package build scripts should be checked each update (although i am personally too lazy to)

    • snor10@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I heard it is buggy, I think I’ll wait for Linux Vista to be released.

    • atyaz@reddthat.com
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      Is it really that bad? I haven’t used it in years so I’m not following it. Do they literally have a built-in keylogger?

        • Aloso@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Microsoft does collect a lot of data. But storing every keystroke is first of all impractical, because it would take a lot of disk space to store every keystroke of every user, and secondly not very useful unless they also knew when, in which application, and in what context each key was pressed.

      • Big P@feddit.uk
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        Think about it practically. Microsoft is not an advertising company, they make their money from enterprise software. Windows is installed on billions of computers. The infrastructure required to accept and process every single key pressed by every single windows user and turn it into something usable would be enormous. And for what? To make a few extra millions by selling it to some advertising company?

        • spiffeeroo@programming.dev
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          1 year ago

          Microsoft is an advertising company just like Google, Meta, Amazon, and Apple. Bing search and Edge browser in Windows are a few ways ads are shown to users. Netflix is using Microsoft ads network for their platform to show to their subscribers. Companies pay a lot of money to get preferential suggestions/queries on their stores and search engines.

          https://about.ads.microsoft.com/en-us/solutions/microsoft-audience-network

          Microsoft generates over 10 billion US Dollars per year in revenue from their advertisement division. The revenue growth from their advertisement business is growing exponentially at around 10 percent every year.