Last week, I turned on my PC, installed a Windows update, and rebooted to find Microsoft Edge automatically open with the Chrome tabs I was working on before the update. I don’t use Microsoft Edge regularly, and I have Google Chrome set as my default browser. Bleary-eyed at 9AM, it took me a moment to realize that Microsoft Edge had simply taken over where I’d left off in Chrome. I couldn’t believe my eyes.
If no one is actually auditing that code, or somehow confirming that the binaries shipped by your package manager match what the code compiles to, then you’re still playing a trust game.
Trusting in open source software devs rather than a capitalist corporation definitely makes sense, but it isn’t some panacea for “safe, nonspying software”.
Also, dependencies on linux absolutely include programs I don’t want. They just tend to be less obtrusive terminal programs and libraries rather than full blown UI based shit. Less visible, but far easier to sneak under the radar.
That’s why I use Gentoo. I don’t read the code, even just Firefox is absolutely bonkers, but being able to flag out parts of code just feels nice. I know it’s not absolute, but -telemetry gives me a nice warm feeling inside.
is why the mostly trust :3 as always run code at ur own risk
and the utility programs thatr part of thhe dependencies r often there so its easier for devs to use depenancies, so they do sorta gotta be there !
Indeed, that’s why: https://reproducible-builds.org/
Right now, Debian seems to be leading with over 95% of packages being reproducible.