zlacker

1. xvilka+(OP) 2026-02-04 03:36:54
There are always Chocolatey and Scoop.
replies(2): >>chii+qk >>eterm+io
2. chii+qk 2026-02-04 06:57:01
>>xvilka+(OP)
Why wouldn't those also become a target, if they would grow to be sizable?

And if they have prevention mechanisms, why can't existing supply chains be secured with similar prevention mechanisms, instead of funneling to a single package manager provider?

replies(1): >>kijin+xB
3. eterm+io 2026-02-04 07:35:00
>>xvilka+(OP)
These days there is Winget which I'd rather use than either of those.
4. kijin+xB 2026-02-04 09:18:04
>>chii+qk
The supply chain for Notepad++ updates was a PHP script on a shared hosting account pointing to the URL of an executable file.

Surely someone with more resources and more sets of eyes could do better than that? AFAIK nobody has compromised Debian's APT repositories and Red Hat's RPM repositories yet.
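The contrast kijin draws above (a script handing out a bare executable URL versus signed repository metadata) as an added example, not code from the thread, from Notepad++ or from any package manager: a minimal signed update manifest in Go, where the client pins the vendor's public key and checks the download against the hash the manifest commits to, so neither a rewritten manifest nor a swapped binary on a compromised host is accepted. The key pair, manifest fields, URLs and installer bytes are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Manifest binds version, URL and artifact hash together; the JSON body is signed with a vendor key kept off the update host.
type Manifest struct {
	Version string
	URL     string
	SHA256  string // hex digest of the installer bytes
}

// SignManifest is the vendor side, run offline with the private key (assumed design).
func SignManifest(priv ed25519.PrivateKey, m Manifest) (body, sig []byte) {
	body, _ = json.Marshal(m) // only string fields, cannot fail
	return body, ed25519.Sign(priv, body)
}

// VerifyUpdate is the client side: the public key is pinned in the client, so a compromised
// host cannot mint a manifest, and the download must match the hash the manifest commits to.
func VerifyUpdate(pinned ed25519.PublicKey, body, sig, artifact []byte) (*Manifest, error) {
	if !ed25519.Verify(pinned, body, sig) {
		return nil, fmt.Errorf("manifest signature invalid: refusing update")
	}
	var m Manifest
	if err := json.Unmarshal(body, &m); err != nil {
		return nil, err
	}
	if sum := sha256.Sum256(artifact); hex.EncodeToString(sum[:]) != m.SHA256 {
		return nil, fmt.Errorf("artifact hash mismatch: refusing update")
	}
	return &m, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	artifact := []byte("constructed sample installer bytes") // stands in for the real download
	sum := sha256.Sum256(artifact)
	body, sig := SignManifest(priv, Manifest{"1.0.1", "https://updates.example.invalid/app.exe", hex.EncodeToString(sum[:])})
	// A host compromise can rewrite the manifest or swap the binary; neither passes verification.
	edited, _ := json.Marshal(Manifest{"9.9", "https://attacker.invalid/x.exe", hex.EncodeToString(sum[:])})
	for name, c := range map[string][2][]byte{"genuine": {body, artifact}, "edited manifest": {edited, artifact}, "swapped binary": {body, append(artifact, '!')}} {
		_, err := VerifyUpdate(pub, c[0], sig, c[1])
		fmt.Println(name+":", err)
	}
}
```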
