Plus no backdoors

  • eduardog3000 [he/him] · 3 years ago

    If you are downloading the program at all, that means you are trusting its programmer. Downloading it from a repo is adding another party to trust vs downloading it directly from the programmer.

    • unperson [he/him] · 3 years ago

      If I apt install kdenlive and then run kdenlive, the program has never run as root and cannot make itself run a service in the background, or log keystrokes, or install other things.

      If I download a package or an installer from the Internet the publisher runs a program as admin on my computer and can do whatever it wants, bundle adware, start hidden services, whatever.

      My distribution is not 'another party to trust'. It's the party I already trust the most. If I or someone else finds something harmful in a program that's on the repo, I expect the distro to remove the program or patch out the harmful parts, while I don't expect the first-party installer to become better in any way.