What exactly stops a rogue package maintainer from pushing malware to us GNU/Linux users?

It's all malware.
You didn't think they did it for free, did you?

delete...

The fact that someone would notice and they would no longer be a package maintainer after that.

Unless you use Arch and accept packages up your ass from every literally who on the internet. I hope you packed some lube.

>Unless you use Arch and accept packages up your ass from every literally who on the internet

ha-ha... yeah I don't... ha...

>uses arch cause "bleeding edge"
>gets mad when things break and they can't fix it

Things rarely if ever break

Fixing them is generally a simple google search or AT WORST chroot.

...

Don't install shit and please verify all the updated modifications before upgrading your system. It takes quite long but this is the price of security.
Furthermore it will force you to use less software and later to create your own ones, it's pretty fun and maybe the most secure way to use a computer these days. Spending one or two hours a day on it is not a real sacrifice.
People are becoming lazy and it begins to be really problematic.

It's open source?
What stops wintoddlers getting malware? Oh wait, it's the only platform that consistently has malware.

So I'm supposed to write my own libraries, frameworks and APIs?

Should I maybe write my own OS, kernel and cross-compiler too?

Yes, but I'm curious what stops it.

Like can't a package maintainer get hacked, and then the hacker pushes malware through it? Is that even possible?

Simply, I'm just worried that even libraries can have like a one-line, very hidden backdoor somewhere.

Yes, it's possible for people to get hacked. We done here?

Yes.

You can just copy/paste verified code from other projects too.
Every developer is doing it all the time!

Why am I not doing this yet?

Do people even write their own code anymore?

Copy/pasting has some limits too.
But yes, some people use a myriad of packages/modules to do simple things.

That's exactly why some people are creating AI that writes their own code.
Humans are too insecure by nature to write software.

Nothing, but it's enough if the software itself gets compromised. The compromised update on something like Arch will be pushed to the users by next day.

Probably there are CIA/NSA agents embedded as package maintainers and contributors to various software which they deem a good strategic target.

...

Why am I not doing this yet?

I got stuck thinking I needed to create everything from scratch myself and thus I never created anything ever.

That's why some people use containers and sandboxes everywhere.

What are your goals? What's your strategy?

I don't know

I just want to create something, or make money or something. Over the years I picked up and learned some programming languages and played around with libraries but then I never made anything.

How do I make money? Should I do web development?

So your goal is making money. Your strategy is doing software.
That's great, you're not lost at all.
Now you have to find niche things that people like and try to monetize them, it can be recording advanced tutorials on a specific thing or just sharing niche porn and doing sex toys affiliation.
However, don't expect to earn thousands of dollars a month tomorrow, it's a very long process.

All I know is a bunch of abstract programming concepts. How do I actually create something practical, or learn how to?

It doesn't even need to earn money, I just want it to be of use to somebody. Money is just the best gauge of the demand for the product.

The most profitable jobs:
Developing and selling his own cosmetics > Developing and selling his own industrial foods > Selling clothes > Corrupted politician > Exploit web casinos > Offshore file sharing website with ads and paid subscriptions

Nothing complicated but nothing funny too, these activities are pretty boring. You can try to become a slut in Las Vegas too. Jobs are everywhere!

You will never be of use to somebody if you can't actually create your own path (or find a fucking path on your own). Begging for others to create a step by step guide on how to 'be of use to others' is fucking useless, anyone can be that retard.

I wrote my own software for my own needs and one day somebody asked me where he could find this application. He was my first paid customer.

I'm not looking for a step by step guide, I'm just looking for how to get started. I'm in for the long haul, not to quickly do anything. I'm willing to spend many years but I just need to figure out a path, which I'm stuck on.

But what about when the containers and sandboxes get backdoored?

Nothing.

Just as nothing stops a rogue company from including malware in their proprietary software for whichever platform.

It's all hoping we're decent enough people to not do it based on the concept that we're doing FOSS for greater good and a private company is making software to earn money. In neither of those scenarios including malware is beneficial to the releasing party.

But then you got the likes of Memesoft.

Some security measures may include having more than one maintainer for every package.
And of course designing the operating system to damage control actually makes it in.

Damn, solid proof there buddy.

Stay out of the testing repos and don't use AUR for system critical shit like your kernel or drivers and shit won't break.

>CIA niggers as package maintainers
