Embed Notice
HTML Code
Corresponding Notice
- Embed this notice@lina You see, Rosa still uses open-source software. Most of which is the same for any distro. What distro maintainers do is simply verify the checksums of the original package, re-wrap it for their package system and off you go, my package. NodeJS issues are NodeJS issues, distro maintainers are not warrants from the evil intent that the creators of the software (or the creators of particular modules) may have. Distro maintainers keep the channel of software delivery, and their primary concern is that it would install and run in the current ecosystem of package versions. Their second concern is to verify, that they themselves get true software, verified by the checksums, and that the end users also receive verified packages (not altered by some third person while the package is downloaded). If the software devs pack in some malicious code, it just gets delivered by those properly maintained channels. It you don’t trust or dislike some open-source, that’s right, wary you should be. But instead of relying on distro maintainers, you should be avoiding or jailing particular software. Ah, whatever… *splisht*