undefined | Better HN

0 pointsxeromal1mo ago0 comments

Yup, the only way to combat this as a smalltime dev would be to turn off auto updates and make people build from source.

0 comments

m-schuetz1mo ago

Why woul building from source be safer? Are you veting every single line of third-party source code you compile and use?

g-b-r1mo ago

You're sure not vetting any byte of an executable, so building from source is safer.

m-schuetz1mo ago

Binaries or source, it's pretty much the same unless you thoroughly vet the entire source code. Malicious code isn't advertised and commented and found by looking at a couple of functions. It's carefully hidden and obfuscated.

1 more reply

tjwebbnorfolk1mo ago

yea `curl <url> | gcc` is much safer...

trympet1mo ago

Security through ..rarity? Maybe not for nation state actors though.

j / k navigate · click thread line to collapse

0 comments

m-schuetz1mo ago

Why woul building from source be safer? Are you veting every single line of third-party source code you compile and use?

g-b-r1mo ago

You're sure not vetting any byte of an executable, so building from source is safer.

m-schuetz1mo ago

1 more reply

tjwebbnorfolk1mo ago

yea `curl <url> | gcc` is much safer...

trympet1mo ago

Security through ..rarity? Maybe not for nation state actors though.

j / k navigate · click thread line to collapse