Will the node-IPC incident finally teach people not to use package managers besides the ones by their Linux distro?

Will npm, cargo and pip finally go to hell?


I hope so.

How can you be sure the repo maintainers won't do the same thing?

There are a few differences with repo managers for Linux distros.
> you can't just tell distros to insert your piece of software into their repos
> someone has to actively stand up and say that he will maintain your piece of software as a package
> afterwards follows some discussion about what the package is and why it should be included, usually on some kind of mailing list
> that software is then forked and possibly even patched to make sure it works with the distro and the various architecture denominations the distro supports
> if the package is abandoned the package is removed or frozen until a new maintainer comes
None of this is a foolproof system, but it is more stable and reliable, not to mention trustworthy.
NPM, pip and cargo aren't.

Not to mention this also makes you a better programmer, since you can't just import a solution.

no

Pip is full of malware already, people were retarded and will always be retarded

I doubt it. People don't give a shit about good security practices.
It would be nice if they at least set up a maintainer system to double check and merge in updates for popular packages, a la most linux distributions.

Because apps in the repos are maintained by a 3rd party, not the developer. And they're usually not updated immediately; there's a delay ranging from a few hours up to 2 years. This intermediary step makes it unlikely something this malicious will slip through.

I normally hate blacks with a passion. When the culling happens, can we keep just him? So based!

When the devs stop being lazy pieces of shit and include all applications for Linux that exist.

all code upstream gets audited, and you have the private code vault...

There is however an opposite problem. If a malicious bit of software were to slip in (it does so frequently, unintentionally) the fix would be significantly delayed.

It wouldn't be delayed unless you're on a hobbyist distro whose repos aren't maintained.

> If a malicious bit of software were to slip in (it does so frequently, unintentionally) the fix would be significantly delayed.
If a malicious piece of software somehow manages to get through, there are safeguards.
1. reverting to the previous version (my package manager can do it)
2. it is usually patched before packaging.

In comparison to a dev being incompetent or malicious, being a malicious package maintainer is much harder. For one, it's harder to become a package maintainer, since it requires a bit of trust. And second, it is much harder to package something maliciously because, unlike huge pieces of software, the patches you as the package maintainer provide are not only minuscule and easy to read, they also come under a lot of scrutiny.

I only hate bitch-made simp man-ginas that come out of the matriarchy that is the black community.
Also known as good-for-nothing ignorant negroes with no dad.

no it fucking doesn't lmao.
otherwise node-ipc would not be an issue.

This must get fixed at the OS level; there is no way around a proper sandbox if you allow any kind of user libs. The OS must become more like a browser, with a folder being like a domain, as a simple example.

I always wondered, can you be the maintainer of your own software?


most people don't, it's better to get a freetard to do it for you, cuz it's free!

I think we'll start seeing people be a little more reticent about their dependencies.
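As an added example (my own, not code from anyone in this thread), here is a small Python checker for exactly that reticence: it reads a package.json and a requirements.txt and flags every dependency spec that lets the package manager pick a new upstream release on its own, with nobody on your side having to act, which is the property the distro intermediary described above gives you for free. Both sample manifests, the package names in them and the sha256 digest are constructed for illustration.

```python
"""Flag dependency specs that let npm or pip pull a new upstream release
without anyone on your side having to act.

Added example for this thread; the sample manifests below are constructed,
not taken from any real project.
"""
import json
import re

# Constructed package.json: a mix of floating ranges and one exact pin.
PACKAGE_JSON = """{
  "name": "example-app",
  "dependencies": {
    "node-ipc": "^9.1.1",
    "left-pad": "1.3.0",
    "lodash": "~4.17.0",
    "express": "*"
  },
  "devDependencies": {
    "chalk": ">=4.0.0"
  }
}"""

# Constructed requirements.txt: one hash-pinned line (fabricated digest),
# one exact pin without a hash, and three specs that float.
REQUIREMENTS_TXT = r"""
# constructed sample
requests==2.28.1 \
    --hash=sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983
pyyaml>=5.0
flask~=2.0
colorama
Jinja2==3.1.2
"""

# An exact npm spec is a bare semver (optionally prefixed with '='), nothing else.
NPM_EXACT = re.compile(r"^=?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
# An exact pip spec is a single '==' pin.
PIP_EXACT = re.compile(r"^==\s*\d[^,\s;]*$")


def npm_floating(manifest_text):
    """Return {name: spec} for every dependency whose spec is not an exact
    version: ^, ~, *, >=, hyphen ranges, dist-tags, git/URL specs. Any of
    these lets `npm install` (without a lockfile) select a release the
    project author never looked at."""
    data = json.loads(manifest_text)
    floating = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in data.get(section, {}).items():
            if not NPM_EXACT.match(spec.strip()):
                floating[name] = spec
    return floating


def _logical_lines(req_text):
    """Strip comments and join backslash continuations, as pip does."""
    out, buf = [], ""
    for raw in req_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        out.append(buf + line)
        buf = ""
    if buf:
        out.append(buf)
    return out


def pip_findings(req_text):
    """Return (floating, unhashed).
    floating: {name: spec} where spec is anything but a single == pin.
    unhashed: names that are == pinned but carry no --hash, so pip installs
    whatever archive the index serves for that version."""
    floating, unhashed = {}, []
    for line in _logical_lines(req_text):
        parts = line.split()
        if parts[0].startswith("-"):  # -r, -e, --index-url etc.: out of scope here
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?(.*)$", parts[0])
        if not m:
            continue
        name, spec = m.group(1), m.group(3).strip()
        has_hash = any(p.startswith("--hash=") for p in parts[1:])
        if not PIP_EXACT.match(spec):
            floating[name] = spec or "(no version at all)"
        elif not has_hash:
            unhashed.append(name)
    return floating, unhashed


if __name__ == "__main__":
    for name, spec in npm_floating(PACKAGE_JSON).items():
        print(f"package.json: {name} {spec!r} floats; pin an exact version and commit the lockfile")
    floating, unhashed = pip_findings(REQUIREMENTS_TXT)
    for name, spec in floating.items():
        print(f"requirements.txt: {name} {spec!r} floats; use ==X.Y.Z")
    for name in unhashed:
        print(f"requirements.txt: {name} is pinned but has no --hash; add one and use --require-hashes")
```

The point of the hash check is that an exact version pin alone only fixes which version string you ask for; with `--hash` and `pip install --require-hashes` the archive itself has to match, so a replaced upload under the same version number fails to install instead of running.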

btw, look at this king

If they trust you to do it, yes.
The build system is hosted by the distro, btw.

>besides the ones by their Linux distro
What makes you think your Linux distro is so trustworthy?

It is.
The problem is people like to run sudo pip,
or they may actually allow the program to run as a superuser for no fucking reason.

You know, part of the reason why Windows is so insecure when it comes to software distribution is the fact that a lot of applications require administrator permissions to install even if they do not actually need them.