Deutsch English Français Italiano |
<v69ltj$3dqr1$6@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!2.eu.feeder.erje.net!3.eu.feeder.erje.net!feeder.erje.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Alan <nuh-uh@nope.com> Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.sys.mac.advocacy Subject: Re: Is everyone as blissfully ignorant as the Apple zealots are? Date: Fri, 5 Jul 2024 13:43:31 -0700 Organization: A noiseless patient Spider Lines: 80 Message-ID: <v69ltj$3dqr1$6@dont-email.me> References: <v66duj$19j2$1@nnrp.usenet.blueworldhosting.com> <leo4v3Fkdk4U3@mid.individual.net> <v66v8d$1m0h$1@nnrp.usenet.blueworldhosting.com> <v672bj$6e7v$1@solani.org> <v69cnt$3cthk$1@dont-email.me> <v69esn$7sdm$1@solani.org> <v69ise$3dqr1$2@dont-email.me> <v69jgj$7utd$1@solani.org> <v69k8q$3dqr1$4@dont-email.me> <v69ld8$7vvs$1@solani.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Fri, 05 Jul 2024 22:43:31 +0200 (CEST) Injection-Info: dont-email.me; posting-host="085621f7384e2df0d001de5407d0d000"; logging-data="3599201"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19zKPBLdYr81WEPtM49LC0hh9xKqYHsxOc=" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:fYSJG3EMpwgIcqTk/zNTbH1dsvw= Content-Language: en-CA In-Reply-To: <v69ld8$7vvs$1@solani.org> Bytes: 4584 On 2024-07-05 13:34, badgolferman wrote: > Alan <nuh-uh@nope.com> wrote: >> On 2024-07-05 13:02, badgolferman wrote: >>> Alan <nuh-uh@nope.com> wrote: >>>> On 2024-07-05 11:43, badgolferman wrote: >>>>> Chris <ithinkiam@gmail.com> wrote: >>>>>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote: >>>>>>> Andrew <andrew@spam.net> wrote: >>>>>> >>>>>> [snip typical nonsense] >>>>>> >>>>>>> >>>>>>> Personally I think they are so invested in the perfection of Apple that >>>>>>> they cannot bear the thought of there being flaws in its products. If >>>>>>> someone exposes such flaws, it invalidates everything they stand for. >>>>>> >>>>>> The other side of the coin is that some people are so eager to find flaws >>>>>> in Apple they forget to check basic facts. Like is this even anything >>>>>> within Apple's control? Hint: nope. >>>>>> >>>>>> >>>>> >>>>> If Apple software is dependent upon someone else’s software, it’s Apple’s >>>>> responsibility to ensure that software is safe. After all, it’s Apple who >>>>> tells us they are focused on safety and security. >>>>> >>>> >>>> Which you'll argue while at the same time arguing that Apple is wrong to >>>> do what it can to increase safety and security by using an app store. >>>> >>> >>> I have no problem with the App Store. But I do think the option to use >>> other stores should exist, with all warnings and check marks required for >>> you to advance. Apple shouldn’t be responsible for software they have not >>> vetted and if the customer still wants it then they are culpable if >>> something goes wrong. >> >> So now you say that Apple shouldn't be responsible. >> >> Make up your mind, huh? >> >>> >>> But this is a different situation. Apple used someone else’s software and >>> didn’t correctly vet that. It perpetuated itself deeper and has caused >>> security problems now. That’s on Apple. >>> >> >> CocoaPods is a dependency manager; a software tool you use to create >> software. It manages the dependencies you're using. It isn't software >> that itself winds up IN your software. >> >> So how could Apple reasonably check if some third-party software was >> built using it? >> > > Maybe I misunderstood, but I thought this problem also affected the Apple > software engineers. Where did you read that? > > In any case, I’m sure it’s virtually impossible to keep track of everything > but a company that touts its safety and security presence must do more. > Look at LastPass, they’ve become a joke. Again: What CocoaPods is is a tool used during software development for managing the libraries that a software developer uses, and after the software is deployed, the developer continues to use it to track updates to those libraries... ....but all of that takes place in a manner that is completely opaque to Apple. There is no practical way for Apple to detect the fact that the developers of CocoaPods screwed up and created a system that let bad actors claim ownership of the "Pods" (external libraries) that CocoaPods tracks and insert malicious code in them.