this post was submitted on 17 Sep 2024
458 points (99.1% liked)

Open Source

31717 readers
86 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

you are viewing a single comment's thread
view the rest of the comments
[–] sorter_plainview@lemmy.today 9 points 3 months ago* (last edited 3 months ago) (3 children)

This is a bit absurd. I really don't think this is as serious as some comments say. Also there is a comment from AUR package manager which explains more details. . And even the blobs in the first post there are source and build instructions in their respective folder.

[–] pastermil@sh.itjust.works 20 points 3 months ago

And even the blobs in the first point there are source and build instructions in their respective folder.

No it is not. It is supposedly the built result based on the instruction provided. If they can just provide that instruction, why not provide the source as well?

The issue thread also highlights the stubbornness and hostility of the project maintainer toward possible contributors.

[–] AnitaAmandaHuginskis@lemmy.world 13 points 3 months ago (1 children)

I firmly believe there are no backdoors or anything dodgy going on here

OK but that's hardly reassuring.

[–] pastermil@sh.itjust.works 6 points 3 months ago

Not suspicious at all.

[–] thingsiplay@beehaw.org 13 points 3 months ago

That linked reply doesn't explain anything. It just says "bro trust him". Just because you and the AUR maintainer says its trustful, does not make it clear whats behind the binary blobs. It doesn't matter what anyone says, if we can't verify. In my opinion, its absurd calling others absurd for not trusting the word of others.