Only 14.99$ (programming.dev)
[-] pazukaza@lemmy.ml 7 points 1 year ago

Actual question. Isn't installing stuff from third-party repos like super dangerous? The package scripts run with root access, right?

So, I guess you could tell if the hash of the package matches the hash of the code after you build it... But, what about upgrades on that package after it is installed? They could change the setup scripts and screw a lot of people, right?

Not saying these guys do it, just wondering about security stuff.

[-] whou@lemmy.ml 20 points 1 year ago

quote stolen directly from the repo:

"Science isn't about WHY. It's about WHY NOT. Why is so much of our science dangerous? Why not marry safe science if you love it so much. In fact, why not invent a special safety door that won't hit you on the butt on the way out, because you are fired." — Cave Johnson (Portal 2)

[-] darcy@sh.itjust.works 8 points 1 year ago

ideally package build scripts should be checked each update (although i am personally too lazy to)

[-] pazukaza@lemmy.ml 5 points 1 year ago

Ain't nobody got time for that 🎶

this post was submitted on 13 Jul 2023
753 points (99.0% liked)
