this post was submitted on 29 Feb 2024
192 points (98.0% liked)

Open Source

40954 readers
953 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
192
Over 100,000 Infected Repos Found on GitHub (apiiro.com)
submitted 2 years ago by Zerush@lemmy.ml to c/opensource@lemmy.ml
26 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] delirious_owl@discuss.online 17 points 2 years ago (2 children)

Friends dont let friends install software that isn't signed.

Use apt.

[–] Pantherina@feddit.de 12 points 2 years ago* (last edited 2 years ago) (1 children)

Lol apt

Or to frame it differently, use a package manager and not appimages etc.

[–] delirious_owl@discuss.online 3 points 2 years ago (1 children)

AppImages actually do have (optional) support for signatures.

[–] Pantherina@feddit.de 2 points 2 years ago (1 children)

They have no update feature afaik, how does this work? What verified this signature, the user?

[–] delirious_owl@discuss.online 2 points 2 years ago (1 children)

Its a subcommand of the AppImage. The developer adds the signature to the AppImage and the user verifies it after download with the subcommand.

[–] Pantherina@feddit.de 1 points 2 years ago

Thats nice, didnt even know there was an interface for managing appimages?

[–] andreas@lemmy.korfmann.xyz 3 points 2 years ago

I mean, yeah but not everything is available over apt. I try to use it whenever I can though