The packages in official Arch repositories (core, extra, community, and multilib) are all packaged by Arch developers and Trusted Users. Their names and email addresses are known to us (use pacman -Si package_name to see who packaged it). EndeavourOS ships with an additional repo called endeavouros. Packages in it are packaged by somebody on the EndeavourOS team, probably or (unfortunately, the name of the packager is listed simply as “EndeavourOS”).

The mere act of using Arch Linux (or EndeavourOS) presupposes trust in the official repositories and their maintainers. Specifically, we trust them not to intentionally or by omission package malware into the software we download from the official repositories. Without this trust, one should not be using Arch Linux. It does not matter what package we’re talking about, whether it is something that every Arch Linux user has installed, like bash, or something very specific like filezilla – they are packaged by the same group of people so this trust is all or nothing.

The same is true for any unofficial, third-party repositories you yourself add to your nf: you need to trust the people who maintain them in order to use them (so it’s a good idea to know who is the maintainer). Read and understand this before you add a third-party repo: The dangers of using 3rd party repos

However, if you are concerned about some third party (for example, a mirror server owner, or a hacker with access to a mirror server) intercepting your downloads and serving you malware packaged into packages, that is impossible. Only the original packager has the power to include malware into packages, because all packages are checked against any tampering by the package manager on your computer.
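The tamper check described above depends on each repository's SigLevel setting in pacman's configuration file (/etc/pacman.conf). The following is an added example, not part of the original page: it lists every configured repository, marks the ones outside the four official names given above, and flags any whose SigLevel lets packages install without a trusted signature. The sample configuration, the example.invalid server URLs and the example-thirdparty repository are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample configuration (not taken from a real system); the
# server URLs and the [example-thirdparty] repository are placeholders.
sample_conf() {
cat <<'EOF'
[options]
SigLevel = Required DatabaseOptional

[core]
Include = /etc/pacman.d/mirrorlist

[endeavouros]
SigLevel = PackageRequired
Server = https://mirror.example.invalid/endeavouros/$arch

# a repository added by the user
[example-thirdparty]
SigLevel = Optional TrustAll
Server = https://repo.example.invalid/$arch
EOF
}

# audit_repos [FILE]: print "repo <TAB> official|added <TAB> SigLevel <TAB> verdict"
# for every repository section. Simplification: a repository's own SigLevel
# replaces the [options] one instead of being merged keyword by keyword.
audit_repos() {
    awk '
    BEGIN { OFS = "\t"; split("core extra community multilib", o, " ")
            for (i in o) official[o[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    { gsub(/^[ \t]+|[ \t]+$/, "") }               # trim surrounding whitespace
    /^\[.*\]$/ { sect = substr($0, 2, length($0) - 2)
                 if (sect != "options") order[++n] = sect
                 next }
    /^SigLevel[ \t]*=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v); level[sect] = v }
    END {
        for (i = 1; i <= n; i++) {
            r = order[i]
            eff = (r in level) ? level[r] : level["options"]
            verdict = (eff == "") ? "REVIEW" : "OK"   # REVIEW: nothing set anywhere
            m = split(eff, tok, " ")
            for (j = 1; j <= m; j++)   # package signature skippable, or any key trusted
                if (tok[j] ~ /^(Package)?(Never|Optional|TrustAll)$/) verdict = "WEAK"
            print r, ((r in official) ? "official" : "added"), eff, verdict
        }
    }' "${1:--}"
}

sample_conf | audit_repos
```

On a real system, run it as audit_repos /etc/pacman.conf; repositories pulled in through Include lines of other configuration files are not followed.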