• XLE@piefed.social
          link
          fedilink
          English
          arrow-up
          2
          ·
          22 days ago

          And the AUR is not currently accepting registrations, so some degree of vetting is clearly happening in both cases. I don’t know how stringent for either.

          This wasn’t supposed to be a perfect one to one comparison, just an interesting sidenote lol

          • Cethin@lemmy.zip
            link
            fedilink
            English
            arrow-up
            4
            ·
            21 days ago

            I think they’re currently taking extra precautions, because of this event. I don’t think they were vetting users before. Regardless, it’s significantly less controlled than the Microsoft store. The equivalent of that is the official repository, not the user repository.

          • Cethin@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            ·
            21 days ago

            That’s like saying that github is equivalent to the Microsoft store. Sure, they provide the space for the repository. It’s controlled by users though, as the name implies. It isn’t the official repository, like the Microsoft store is the official “repository” for Windows.

            • lastweakness@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              21 days ago

              Yeah, perfect analogy. No amount of external helper tools making installs from GitHub easier would change the security implications. (Cargo-binstall is an example of such a helper.)