Skip Navigation

User banner

cqst [she/her]

@ cqst @lemmy.blahaj.zone

Posts
1
Comments
44
Joined
2 yr. ago

  • rule when .ml simps for putin

    Jump

  • Reject campism rule

    Jump

  • rule when .ml simps for putin

    Jump

  • Reject campism rule

    Jump

  • Reject campism rule

    Jump

  • Reject campism rule

    Jump

  • Reject campism rule

    Jump

  • Reject campism rule

    Jump

  • Reject campism rule

    Jump

  • firefox rule

    Jump

  • What's the most obscure distro you can think of

    Jump

  • Dragora Linux

    One of the coolest distros, ever. It's like a mix of Alpine Linux and Slackware without dangerous firmware payloads.

  • What's the most obscure distro you can think of

    Jump

  • No one thinks this. Even permissively licensed BSD operating systems package GPL software and accept it as Free Software.

  • What's the most obscure distro you can think of

    Jump

  • but their “final goal” is to switch the kernel to BSD (i.e. away from copyleft)?

    HyperbolaBSD is a hard fork, that relicenses the OpenBSD kernel as GPL (as permitted by permissive licenses.)

    HyperbolaBSD has already dug into the OpenBSD source tree and discovered numerous licensing issues.

    https://git.hyperbola.info:50100/~team/documentation/todo.git/tree/openbsd_kernel-file-list-with-license-issues.md

    HyperbolaBSD will be a truly libre distro that takes advantage of copyleft, while moving away from the major issues Linux is stepping into too.

  • I made a local APT repository that automatically fetches DEBs and AppImages from anywhere

    Jump

  • Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.

    Source code is like a recipe. Getting your food from the chef who made the recipe is fine, but getting it from another chef who... followed the same exact recipe is no different.

    This is how the linux software distribution model works, distro maintainers are a CHECK on upstream.

  • I made a local APT repository that automatically fetches DEBs and AppImages from anywhere

    Jump

  • I’m and end user

    Yeah, we all are. What's your point?

    End users are also developers. All computer users are developers. You are developing.

    user working for end users

    By making a script that lets me get backdoors and shitty packages with ease? The linux package distribution system is a nightmare, Debian is the least bad approach. There is basically always a better option to using a .deb file. If you come across something that isn't packaged, I recommend Flatpak, building from source (and installing unprivileged), or using the developers vendored tarball (installing unprivileged).

    https://wiki.debian.org/SecureApt

    By using local .debs you lose the benefit of:

    Reproducible builds

    GPG checksums

    Stable release model

    debian security team

  • I made a local APT repository that automatically fetches DEBs and AppImages from anywhere

    Jump

  • Why does Debian-Ubuntu not provide a simple command for this?

    You aren't supposed to add repos. Ever. https://wiki.debian.org/UntrustedDebs

    Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.

    An example is signal-desktop

    Yeah don't use signal. They restrict freedom 3 by making distribution difficult. Thats why they trick you into using their RAT repo.

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842943

    The least bad option is the unofficial flatpak.

  • I made a local APT repository that automatically fetches DEBs and AppImages from anywhere

    Jump

  • Personally I need the desktop client because I mod it with plugins that are so useful that I can’t do without these anymore.

    Discord client modifications are against the Terms of Service. https://www.gnu.org/philosophy/free-sw.en.html

  • I made a local APT repository that automatically fetches DEBs and AppImages from anywhere

    Jump

  • If you are getting your code straight from the author,

    Which is not what you are doing at all with a .deb file. A .deb file is a binary with a bunch of scripts to "properly" install your package. Building from source is what you SHOULD be doing. Debian has an entire policy handbook on how packages are supposed to be packaged. Progrmatically you can review the quality of a package with 'lintian'. .debs made by developers following a wiki tutorial can't even come close. remember, apt installs happen as root and can execute arbitrary code.

    Also, debian packagers can be project maintainers, so they can be "the author."

  • I made a local APT repository that automatically fetches DEBs and AppImages from anywhere

    Jump

  • Well, I’m just automating what people currently have to do manually : visit GitHub and download DEB and install DEB.

    Yeah. You should never do that. Like ever. Build from source; or use a vendored tarball. https://wiki.debian.org/DontBreakDebian

    .deb is a terribly insecure nightmare thats held up by the excellent debian packagers, gpg , and checksums, and stable release model. don't use .deb files.