Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No, it's not. If Debian had a community-maintained repo of additional packages, the same thing could happen there.

The fundamental problem is having something that has very loose oversight and next to no controls. That may have worked in the past, but in the day and age of constant supply chain attacks, it's a major liability.



GP was talking about why Arch isn't used in enterprise, not what happened in the post.


Community-maintained repo is again a choice/option, how does that changes from LTS to Rolling release ?




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: