Nah. Nothing is perfect of course, but normalizing executing software sourced from random, untrustworthy websites will always be objectively worse than curated repos.
Oh I guess I should totally put my confidence in random sketchy websites. Great point!
It literally doesn’t matter if it’s a publisher site or not, users can’t tell the difference and it normalizes clicking links from a web search and running whatever software download the user sees first.
It isn’t a random, sketchy or inherently untrustworthy site.
You shouldn’t have any issue explaining how you would go about verifying that a software repo is trustworthy and how that differs from verifying a website.
Unless you don’t actually know what you’re talking about…
I’ll just paste what I already wrote in hopes that your reading comprehension benefits from reading it a second time:
It literally doesn’t matter if it’s a publisher site or not, users can’t tell the difference and it normalizes clicking links from a web search and running whatever software download the user sees first.
Again, louder this time, PACKAGE REPOSITORIES WILL ALWAYS BE OBJECTIVELY BETTER THAN RANDOM, UNTRUSTWORTHY WEBSITES.
I guess you should trust NPM though because its a package manager!
You’re just encouraging people to blindly use and trust repos with no understanding of the pros or cons, and without understanding how you can verify and test software yourself to reduce risk. This is especially an easy conversaion when we talk closed source vs open source and you failed to even bring that up.
Repeating nonsense claims instead of actually considering the entirely reasonable question only highlights that you’re victim to the Dunning-Kruger effect.
You could have had a conversation and learned something from an actual cyber security professional and instead you’ve acted like a clown.
Nah. Nothing is perfect of course, but normalizing executing software sourced from random, untrustworthy websites will always be objectively worse than curated repos.
It is hardly a random untrustworthy site, it is the software publishers site. There is no reason that a package repo can’t suffer a similar attack.
Your confidence is entirely misplaced.
Oh I guess I should totally put my confidence in random sketchy websites. Great point!
It literally doesn’t matter if it’s a publisher site or not, users can’t tell the difference and it normalizes clicking links from a web search and running whatever software download the user sees first.
Go on then, explain to me how the well known software publishers website is random and sketchy.
I feel like you’ve demonstrated very effectively how users lack the skills to understand what they are reading online 😂
It isn’t a random, sketchy or inherently untrustworthy site.
You shouldn’t have any issue explaining how you would go about verifying that a software repo is trustworthy and how that differs from verifying a website.
Unless you don’t actually know what you’re talking about…
I’ll just paste what I already wrote in hopes that your reading comprehension benefits from reading it a second time:
It literally doesn’t matter if it’s a publisher site or not, users can’t tell the difference and it normalizes clicking links from a web search and running whatever software download the user sees first.
Again, louder this time, PACKAGE REPOSITORIES WILL ALWAYS BE OBJECTIVELY BETTER THAN RANDOM, UNTRUSTWORTHY WEBSITES.
Enjoy your ignorance and viruses
It doesn’t matter if the software is delivered via a publishers website or via a package repository if the supply chain has been compromised.
Clearly you’re not aware of any recent cyber security news or you’d know that the NPM package manager has suffered numerous attacks: https://www.bleepingcomputer.com/news/security/shai-hulud-malware-infects-500-npm-packages-leaks-secrets-on-github/
I guess you should trust NPM though because its a package manager!
You’re just encouraging people to blindly use and trust repos with no understanding of the pros or cons, and without understanding how you can verify and test software yourself to reduce risk. This is especially an easy conversaion when we talk closed source vs open source and you failed to even bring that up.
Repeating nonsense claims instead of actually considering the entirely reasonable question only highlights that you’re victim to the Dunning-Kruger effect.
You could have had a conversation and learned something from an actual cyber security professional and instead you’ve acted like a clown.
ItS nOt PeRfEcT sO iT cAnT bE bEtTeR
Cope.