@lina You see, Rosa still uses open-source software. Most of which is the same for any distro. What distro maintainers do is simply verify the checksums of the original package, re-wrap it for their package system and off you go, my package. NodeJS issues are NodeJS issues, distro maintainers are not warrants from the evil intent that the creators of the software (or the creators of particular modules) may have. Distro maintainers keep the channel of software delivery, and their primary concern is that it would install and run in the current ecosystem of package versions. Their second concern is to verify that they themselves get true software, verified by the checksums, and that the end users also receive verified packages (not altered by some third person while the package is downloaded). If the software devs pack in some malicious code, it just gets delivered by those properly maintained channels. If you don’t trust or dislike some open-source, that’s right, wary you should be. But instead of relying on distro maintainers, you should be avoiding or jailing particular software. Ah, whatever… *splisht*