Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is an "in addition to" problem though, not an "instead of" problem.

Having code reviewed the PKGBUILD doesn't mean the upstream software is safe to use, having reviewed the upstream software and it's dependency tree doesn't mean the PKGBUILD is safe to use.



Also have realized at some point that reviewing the PKGBUILD and code in github repo still doesn't check whether the github release files are compromised.


Build it yourself or bust




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: