Yeah, and trust that your package repository (or more accurately some random contributor) has properly repackaged the program instead of you just downloading it straight from the publishers and knowing it will work and be safe (well, as safe as the publisher is).
Yes, I definitely trust my distribution way more than some random programmer. I already trusted my distro with admin access, a video editor doesn't and shouldn't run as admin.
If you are downloading the program at all, that means you are trusting its programmer. Downloading it from a repo is adding another party to trust vs downloading it directly from the programmer.
If I apt install kdenlive and then run kdenlive, the program has never run as root and cannot make itself run a service in the background, or log keystrokes, or install other things.
If I download a package or an installer from the Internet, the publisher runs a program as admin on my computer and can do whatever it wants, bundle adware, start hidden services, whatever.
My distribution is not 'another party to trust'. It's the party I already trust the most. If I or someone else finds something harmful in a program that's on the repo, I expect the distro to remove the program or patch out the harmful parts, while I don't expect the first-party installer to become better in any way.
Yes.