I don’t think you understand how apt works. Anyone can roll out a mirror.
Also, again, the hashes need verification. Trusting the transport rather than a signature is obviously going to lead to compromise somewhere in the chain.
Look buddy, you do you. If you clearly already aren’t using the signatures provided with hashes when you use hashes, so it’s no bother to you. Apt, and I, will continue doing so.
6th gen battery isn’t soldered it’s a connector. Check iFixit. Replacements are pretty cheap. Even with a cracked screen and dead battery 15$ is a killer deal for a 6th gen!
OnePlus 6T runs great
How do you verify the hash?
So you trust every single mirror to never be compromised?
Everything got enshitified to increase shareholder value.
No, just weird positional dyslexia
What are you talking about? Everyone knows Alaska is on the bottom right of the map.
He was prepared for execution by electric chair, using a bible as a booster seat because Stinney was too small for the chair.
We’ll talk when protestors in the US are hanging and burning police officers.
Why would a retailer turn down an additional resource that drives customers to their site.
Why would independent artisans be obligated to sell their products through Amazon?
Python is demonstrably worst for the planet than Go.
Use yt-dlp to download the file and play is in MPV/VLC/Celluloid.
I’m not sure that’s a good idea security-wise.
You could always sign the messages with GPG or S/MIME.
Have you ever looked at the available packages in a Linux distribution like Debian or a BSD? There are thousands and thousands of library packaged to support software releases. Like I said, that had been the distribution model for the better of twenty+ years until this new, shittier, model.
That’s essentially how most distributions of Linux and Unix work. You package an app with a list of depencies like “libcaca >= 1.2.3” and that’s that. If that dependency isn’t available in the distro you need to have that packaged (and thus have a maintIner for said package) first. The distro’s package maintainers are responsible for keeping an eye on the upstream sources and provide reviews. Often there’s also a security team that watches for packages requiring expedited attention, and security backports.
Then this sort of crap like NPM came along and it became popular for devs to package their own dependencies.
I’m not super familiar with Maven so I could be wrong, but doesn’t Maven still pull depencies from upstream? That doesn’t fix the problem. Having depencies packaged in the OS means there is in theory some level of overview and review by the package maintainer(s).
Debian does as well for anything that is packaged; python, golang, rust, etc.
Howard needs that data.