cqst
I mean you’d still expect that critical security fixes would land in testing, no?
they get there, just after uh, 5 days usually. things change during the soft freeze as the migration time gets even longer
testing is not really meant to be used in that way, you can think of testing of “what would the next debian stable look like if it was released today?” as the versions in debian stable are meant to be frozen, those that are in testing are meant to be tested at that version.
There will be no improvement with browsers until the introduction of one with a strong copyleft license.
Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.
Source code is like a recipe. Getting your food from the chef who made the recipe is fine, but getting it from another chef who… followed the same exact recipe is no different.
This is how the linux software distribution model works, distro maintainers are a CHECK on upstream.
I’m and end user
Yeah, we all are. What’s your point?
End users are also developers. All computer users are developers. You are developing.
user working for end users
By making a script that lets me get backdoors and shitty packages with ease? The linux package distribution system is a nightmare, Debian is the least bad approach. There is basically always a better option to using a .deb file. If you come across something that isn’t packaged, I recommend Flatpak, building from source (and installing unprivileged), or using the developers vendored tarball (installing unprivileged).
https://wiki.debian.org/SecureApt
By using local .debs you lose the benefit of:
Reproducible builds
GPG checksums
Stable release model
debian security team
Why does Debian-Ubuntu not provide a simple command for this?
You aren’t supposed to add repos. Ever. https://wiki.debian.org/UntrustedDebs
Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.
An example is signal-desktop
Yeah don’t use signal. They restrict freedom 3 by making distribution difficult. Thats why they trick you into using their RAT repo.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842943
The least bad option is the unofficial flatpak.
Personally I need the desktop client because I mod it with plugins that are so useful that I can’t do without these anymore.
Discord client modifications are against the Terms of Service. https://www.gnu.org/philosophy/free-sw.en.html
If you are getting your code straight from the author,
Which is not what you are doing at all with a .deb file. A .deb file is a binary with a bunch of scripts to “properly” install your package. Building from source is what you SHOULD be doing. Debian has an entire policy handbook on how packages are supposed to be packaged. Progrmatically you can review the quality of a package with ‘lintian’. .debs made by developers following a wiki tutorial can’t even come close. remember, apt installs happen as root and can execute arbitrary code.
Also, debian packagers can be project maintainers, so they can be “the author.”
Well, I’m just automating what people currently have to do manually : visit GitHub and download DEB and install DEB.
Yeah. You should never do that. Like ever. Build from source; or use a vendored tarball. https://wiki.debian.org/DontBreakDebian
.deb is a terribly insecure nightmare thats held up by the excellent debian packagers, gpg , and checksums, and stable release model. don’t use .deb files.
Dell E6400 can be flashed with libreboot without tools and is easily obtainable from Ebay.