One thing I wish folks knew better about "Linux" that the annoying evangelists never seem to care to mention.
One of the most important differences from other platforms is *how you get your software*.
You don't download it from the author/publisher who might be (these days, is) bundling malware.
You don't get it from a walled garden with commercial incentives to let publishers hurt you.
You don't have to fumble around Google trying to find if the site offering it is reputable.
You get it from a party, usually made up of dedicated volunteers, who believe in the platform and who are vetting all the software they build and package for you. Usually the same one you got your base system from.
A deb/rpm repository isn't much more than that. You dump packages in a directory and run a single command to extract the metadata into an index file. 'createrepo' or its C reimplementation for rpm, 'dpkg-scanpackages' for deb. That's all that's *required*. You then export said directory over http or mount it and you can install these packages with all the dependency tracking.
@dalias @draeath @ska @SRAZKVT
I mean yes if you're going to be serious about building a binary repository then higher-level tools like reprepro to track packages and their versions in different suites so that you get auto cleanup of old versions and easy metadata signatures are definitely useful, but they're absolutely not required.
@SRAZKVT @dalias @draeath @ska
@dalias They're able to, but I don't think any have? Generally speaking, the closest any distros really do is just integrating specific packages, but other than choosing Firefox-ESR over mainline Firefox, I just don't see much at the distro level... Unfortunately, Firefox-ESR isn't immune...
Honestly though, the most fundamental issue is the same all around: that they keep doing harmful things right there in the very base code itself. I'm seeing forks that are doing their best to manually clean it up and they're working really hard to compensate, but then you see stuff like something slipping through in LibreWolf and you know there are too few devs and not enough spoons and stuff is going to always slip through.
In the end, the fundamental issue is Mozilla itself.
@nazokiyoubinbou @dalias distros are able to package most programs in a way that strips out harmful features, but ironically firefox is one exception where it's so difficult to package that even Debian has a mozilla employee (who is also a DD) doing that work
even before the LLM brainworms took over, they had a conflict of interest where features like pocket shipped in the apt version of firefox despite being overwhelmingly unpopular
(all this not to detract from your overall point which is correct and awesome, but it would be better to find a different example than Mozilla)