
Okay, so have you checked all of the apt repos you've added to sources over the years, or has one of the PPAs changed to something malicious?


I've added exactly 0 apt sources, precisely because relying on PPAs and the like is terribly, terribly insecure. Allow some random person to run code on my machine as root — that's insane.


I use Arch and only official sources, which are checked over and signed by a small, well-trusted team[1]. Nothing like npm's model.

[1]: https://www.archlinux.org/master-keys/



