

It’s a very short text
wikipedia.org




No, I don’t think those share AUR’s glaring security problems.


I kinda doubt that people who think AUR is a good idea are good at keeping their credentials secure.


EDIT: https://archlinux.org/news/active-aur-malicious-packages-incident/ They did it, an official message.
I wish they’d actually explain their findings/attack vectors so that people have a chance to stay ahead of this by reading the PKGBUILDs as recommended.


I don’t think it’s immediately obvious that the PKGBUILD installing some shit with npm is malware.


Yesterday I got an email about how one of the packages from this list that I used to maintain was adopted.


Least surprising thing ever. Nothing is reviewed or approved, not even pro forma.


Cosmic. It’s pretty good now but sometimes it feels a little slow.


It can be both


Some of it. I also don’t assume that it’s secure.


Have you read it? Do you trust it unread?


Always seemed way too enterprisy for my taste.


Those things would need to be actually better than an Android phone with Termux.


Having an instance between the developer and the user that usually cares more for the user than the developer is actually good. That’s how you keep computer systems privacy conscious, how you check FOSS licenses are followed. It can also dampen/prevent supply chain attacks.


Creating a different user account for it is out of the question btw, since you can still change the password for that user via the primary admin account.
It’s Linux, on the local machine the root account is always going to be able to do things.


Does dedup no longer shred the file system?


Mainly because of the nginx RCE


There is more where that came from: https://xcancel.com/IntCyberDigest/status/2053802477019906058
It’s fine. Personally I don’t like RPM much, but maybe it’s better outside of RHELL