Maintainers Matter

The case against upstream packaging (postscript)

Comments are moderated. It may take a few minutes before your comment appears.
Markdown is supported in your comments.

  • The promise: Software directly from the ISV has a complete chain of trust and is better for users.
  • The reality: This is only true if the ISV won't try to sneak something in. You don't need to have blind trust in your maintainers, but don't get rid of them either. Instead, verify their work with your own builds and examine the chain of trust the distribution provides. Distros are usually way more open about the chain of trust than ISVs are.
Mail: (not shown)

Please type this: