zlacker

1. gf000+(OP) 2025-09-16 13:47:29
> Linux's security model is based on trusting the software you're installing from the FLOSS repositories,

That's not a security model, and we don't live in fairyland.

Just take a look at how well this works with npm packages. It just so happens that emacs plugins are not the most worthwhile target for attackers.

replies(1): >>fsflov+I
2. fsflov+I 2025-09-16 13:51:42
>>gf000+(OP)
> npm packages

This has nothing to do with what I said. npm is not a trusted or a FLOSS repository.

> we don't live in fairyland

When did you last see malware in Debian's repositories?

replies(1): >>jovial+b73
3. jovial+b73 2025-09-17 10:59:41
>>fsflov+I
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
replies(1): >>fsflov+zJ3
4. fsflov+zJ3 2025-09-17 14:54:07
>>jovial+b73
It never came to Debian and was the work of a tremendous effort. This almost never happens, and when it does, practically nothing can protect you.