ihatelinux@sh.itjust.works to Linux@lemmy.ml · 11 months agoDoes any distro read through 100% of the source-code of a package before adding it to its repo?message-squaremessage-square56fedilinkarrow-up1123arrow-down19
arrow-up1114arrow-down1message-squareDoes any distro read through 100% of the source-code of a package before adding it to its repo?ihatelinux@sh.itjust.works to Linux@lemmy.ml · 11 months agomessage-square56fedilink
minus-squaremarkstos@lemmy.worldlinkfedilinkarrow-up14·11 months agoThese days you are likely running some code nobody read closely. The author trusted AI and didn’t fully understand it. The maintainer trusted the author and merged because the change sounded good and the tests passed and they are grateful anyone contributed at all. The packager trusted the maintainer. The security team trusted the packager. The user trusted the distro.
These days you are likely running some code nobody read closely.
The author trusted AI and didn’t fully understand it.
The maintainer trusted the author and merged because the change sounded good and the tests passed and they are grateful anyone contributed at all.
The packager trusted the maintainer. The security team trusted the packager. The user trusted the distro.