@patrick yeah I wonder just how often distro package maintainers audit source code changes in general, not just for security-relevant changes which they are not likely able to detect anyway (if we are talking intentionally malicious changes that would attempt to obfuscate)

@kyle @patrick I contribute to the projects that I package. I often recognize other distribution package maintainers (whose names I know through repology) contributing too ... often to 'minor'/point releases.
The mentality is "this bug bugs me, I want it fixed before releasing to my [distro's] users", which may result in carrying a downstream patch which is quickly upstreamed, and sometimes encouraging upstream to release a point release with the fix.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.