undefined | Better HN

0 pointsJacobEdelman11y ago0 comments

You are willing to go through that much effort to download a single package? Sure I love my privacy and security but I have never had a problem on Ubuntu with that. If I ever have to do something particularly sensitive setting up a virtual machine or booting a different OS temporarily would be less effort.

0 comments

morganvachon11y ago

Do I verify signatures when downloading and building from source on Slackware? Yes, I do. Slackware itself comes with nearly all the software I need already. The few programs I need to get beyond that, I always verify hashes. I do this using a script I wrote myself (I'm not a programmer by trade but I can bash out a script, no pun intended). I really don't understand why that's surprising; slackbuilds.org encourages its users to verify source tarballs before compiling, and it's a few seconds of extra work.

hrjet11y ago

The few seconds of manual verification can add up, especially when millions of users do it. That effort could be better spent in auditing a middle-man tool and fixing it for the benefit of all.

j / k navigate · click thread line to collapse

0 pointsJacobEdelman11y ago0 comments

0 comments

morganvachon11y ago

hrjet11y ago

The few seconds of manual verification can add up, especially when millions of users do it. That effort could be better spent in auditing a middle-man tool and fixing it for the benefit of all.

j / k navigate · click thread line to collapse