ihatelinux@sh.itjust.works to Linux@lemmy.ml · 1 year ago
Does any distro read through 100% of the source-code of a package before adding it to its repo?
markstos@lemmy.world · 1 year ago
These days you are likely running some code nobody read closely.
The author trusted AI and didn’t fully understand it.
The maintainer trusted the author and merged because the change sounded good and the tests passed and they are grateful anyone contributed at all.
The packager trusted the maintainer. The security team trusted the packager. The user trusted the distro.