this post was submitted on 22 Nov 2024
110 points (91.0% liked)
Linux
48335 readers
410 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Please do tell how they would do that.
You trust their repos.
With every apt update, they could push whatever code they want onto your PC.
Same as with literally any binary-based OS.
Someone definitely reads the changed code of Gentoo packages. You are saying that every operating system on the planet is untrustworthy, besides gentoo and a few other source-based distros, but let's target Ubuntu in particular.
That's not what I'm saying.
I'm saying you need to trust the people making your OS cause no way in hell is anyone else able to audit every update they push.
Whether your OS is trustworthy depends on their history. In that regard, I'd give Ubuntu a solid B-
You're so nice. Here they have deserved a C- for at least the last 5 years, and declined to a D during the last 2.
Fair enough
Not sure why you specify binary-based OS's. Following Gentoo's upgrade guide also gets you potentially whatever they want on your systemp
How does that work, exactly? I don't actually know. Are they compiling their own copies of the upstream code changes?
Yes, they're taking the source code from upstream, modifying ("patching") it, compiling it, then uploading their compiled binaries to the Ubuntu repo where your system downloads them during an update.
You can technically download the source code as well, if you activate the source repo. But hardly any end user does. And the source code you get doesn't compile to the same binary you get from the repo anyway. (This would be called a "reproducible build". Some distros try to be reproducible. Ubuntu doesn't, they have other priorities.)
Thank you. That makes sense why some downstream distros designed for specific purposes (e.g. gaming) might include a handful of their own repos for specific software.