Post AddF7sjWtnFNAnFIfo by Eclipse@nerdculture.de
 (DIR) Post #Adct6OhsqyRKlZMZM0 by BrodieOnLinux@linuxrocks.online
       2024-01-08T05:30:10Z
       
       0 likes, 0 repeats
       
       One of the great things about the #FOSS world is you can view and modify the source code of the apps you use but do you actually do it, do you verify any of the binaries you download and install? #Linux #OpenSource #FreeSoftware
       
 (DIR) Post #AdctpByv0p6wKZgswy by that_leaflet@fosstodon.org
       2024-01-08T05:36:12Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux Only scripts from online and AUR build scripts when I used to use Arch.
       
 (DIR) Post #AdcujARFw5ajlJdVsO by its_a_me@fosstodon.org
       2024-01-08T05:44:32Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux I trust my distro's repos.  If it isn't from my repo's distros, I typically build it from source.  Between dependency handling, the build process, and a quick look at the program entrypoint, I am fairly confident that what I'm building will do what it claims to
       
 (DIR) Post #AdcviAlvJLK0ScOQAC by vintprox@techhub.social
       2024-01-08T05:59:34Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux This poll is a good reminder that compiled or already served #OpenSource software (online servers) requires an audit to be 100% sure in its safety. Perhaps, a verified #CI & #CD pipeline makes it a reassurance enough to see it through?
       
 (DIR) Post #AdcvthvuML9IUdYzUe by atomicbirdseed@mastodon.au
       2024-01-08T05:59:49Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux I ride the wave hoping that other people are looking out for sharks.
       
 (DIR) Post #AdcwGz3EsdQ0FF5il6 by fenglengshun@mastodon.social
       2024-01-08T06:03:33Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux No. I know jack about doing proper source audit. And if the binary I got from package managers isn't correctly built then there are bigger issues going on. Only in special cases do I check the checksum and only in the case of scripts that aren't super popular do I check what it does (so random dude's .sh file, yes, DetSys Nix installer script, no).
       
 (DIR) Post #Adcwb31pnnSSN80AHQ by datenimperator@social.cologne
       2024-01-08T06:05:17Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux I also trust my distros repos, so I don't regularly verify binaries. But access to sources has been very helpful in case of debugging.
       
 (DIR) Post #Add3s9iksBt1jJBM6y by nicemicro@fosstodon.org
       2024-01-08T07:29:11Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux I am on Arch because I trust the process they have (I used to lurk the dev public mailing list to see how things go), so binaries from there I trust. But, in case of the AUR, I prefer to do at least surface level validation on what's going on. This is why I would personally never use an AUR helper that blurs the line between the official repos and the user-uploaded build scripts that is the AUR. #ArchLinux #Linux #FreeSoftware #PackageManagement
       
 (DIR) Post #Add56jjdrxm5R076gK by tkk13909@fosstodon.org
       2024-01-08T07:43:41Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux I don't check source code because I trust people nerdier than I am to do it faster and better than I could. I do, however, check through bash scripts before running them because that's just common sense.
       
 (DIR) Post #Add5Z57TxJp5rjmSH2 by warriormaster@mastodon.social
       2024-01-08T07:47:38Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux Aaah, I was supposed to put “yes, sometimes” and I can’t change my answer anymore.
       
 (DIR) Post #Add8S57BsHpLgczvbk by carmenm@mastodon.social
       2024-01-08T08:20:06Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux I've never verified anything on my system (I use Debian, and I don't see a reason to distrust them). I do quite frequently look at the source when I wonder how something works, though.
       
 (DIR) Post #AddCnKgTaFjzs4tJg0 by TheStroyer@mastodon.social
       2024-01-08T09:08:47Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux I look at the source code if it's a small github project or some bash script. Everything that is packaged for my distro I trust.
       
 (DIR) Post #AddF7sjWtnFNAnFIfo by Eclipse@nerdculture.de
       2024-01-08T09:35:48Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux For me, it’s often as a learning resource rather than verification— I’m learning C, so I’m reading and trying to understand some of the smaller C programs I use daily
       
 (DIR) Post #Ade5TBVNUpnH5f6bvU by lenkotarski@urusai.social
       2024-01-08T19:22:48Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux brodie my good man i am not even fully comfortable with my terminal yet
       
 (DIR) Post #AdeIhMlvhYo9UawM76 by parzivalwolfram@infosec.exchange
       2024-01-08T21:52:00Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux Do you remember the Audacity and Classic Shell FossHub debacle? I do! It's not really enough to check the posted hashes when those can also be changed, or auto-update when the file to download changes. I think the only tell was the size changing by like 10MB, if memory serves?
       
 (DIR) Post #AdgvfgQjclbi3yqA2S by architect@linuxrocks.online
       2024-01-10T04:17:24Z
       
       0 likes, 0 repeats
       
       @BrodieOnLinux my package manager does that, and I'm happy to defer trust to the maintainers for most things I don't end up writing myself