Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/jpetazzo/statuses/112491814100202919">Jérôme Petazzoni (jpetazzo@hachyderm.io)'s status on Friday, 24-May-2024 04:22:21 JST</a><a href="https://hachyderm.io/@jpetazzo" title="jpetazzo@hachyderm.io"><img src="https://gnusocial.jp/avatar/114081-48-20230422191822.webp" width="48" height="48" alt="Jérôme Petazzoni" style="position: absolute; left: 0; top: 0;">Jérôme Petazzoni</a><div><a href="https://transfem.social/notes/9tn2cthvknef0i2e" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/244119" title="puppygirlhornypost@transfem.social">Amber</a></li></ul></div></section><article><p><a href="https://transfem.social/@puppygirlhornypost">@puppygirlhornypost</a> <a href="https://hachyderm.io/@dalias">@dalias</a> I agree with you; I'm going to try to rephrase my initial question 😅</p><p>Given that virtually all¹ package managers have some way to run arbitrary postinstall scripts (as root!); what makes a deb/rpm/AUR/... better than curl|sh?</p><p>My stance is that if I install packages from "core" repos, I'm probably good, because these maintainers usually care *a lot* and to a fantastic job (at least compared to the average dev trying to package their stuff).</p><p>But with 3rd party stuff…</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3134162#notice-6205832">In conversation</a><time datetime="2024-05-24T04:22:21+09:00" title="Friday, 24-May-2024 04:22:21 JST">about 6 months ago</time> <span>from <span><a href="https://gnusocial.jp/notice/6205832" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/6205832">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Jérôme Petazzoni (jpetazzo@hachyderm.io)'s status on Friday, 24-May-2024 04:22:21 JSTJérôme Petazzoni
in reply to
- Rich Felker
- Amber
@puppygirlhornypost @dalias I agree with you; I'm going to try to rephrase my initial question 😅
Given that virtually all¹ package managers have some way to run arbitrary postinstall scripts (as root!); what makes a deb/rpm/AUR/... better than curl|sh?
My stance is that if I install packages from "core" repos, I'm probably good, because these maintainers usually care *a lot* and to a fantastic job (at least compared to the average dev trying to package their stuff).
But with 3rd party stuff…
In conversationabout 6 months ago from gnusocial.jppermalink

Public

Embed Notice

HTML Code

Corresponding Notice