![]() Some developers don't like this scheme and that's fine, for the most part I simply choose to not use their software. This scheme works fine for the majority of software I give a shit about. They would need to buy out or trick the Debian or F-Droid package maintainers, which I generally trust to not happen (and I haven't been burned by this trust before.) The upstream can sell out and start publishing malicious updates but they can't push those updates to Debian or F-Droid, because they don't have the necessary permissions to do so. ![]() If this extension were a program packaged by Debian or F-Droid, this wouldn't happen. The problem is when the extension owner is the same as the extension packager, and the repo doesn't enforce any meaningful review or standards before allowing an updated extension to be pushed to their repo. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |