Path: ...!feeds.phibee-telecom.net!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Lawrence D'Oliveiro <ldo@nz.invalid>
Newsgroups: comp.os.linux.advocacy
Subject: Re: Linux advocacy
Date: Thu, 3 Oct 2024 23:12:37 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 11
Message-ID: <vdn8d5$3tl7t$3@dont-email.me>
References: <vcvabp$3bcrt$7@dont-email.me>
	<7pb6fjh0mrcih3gahbk9onfesi9n0ngbff@4ax.com> <vcvil8$3co45$1@dont-email.me>
	<o1k6fj1r84geskevh0fk3ogkldg0h47fu6@4ax.com> <vd070h$3ina5$1@dont-email.me>
	<vd07f3$3itrt$2@dont-email.me> <llhtvpF9t8cU5@mid.individual.net>
	<1r0gc88.1facivp5nvjmgN%snipeco.2@gmail.com>
	<llj54nFg2tnU2@mid.individual.net>
	<2g09fjlgj2teoogoh2s789lb1opqjja53o@4ax.com>
	<bid9fjpf3uhcevktrc5d83if39tafpcf5v@4ax.com> <vd2srh$2ohs$4@dont-email.me>
	<da3bfj1rbd78ct1dhikqj28fk5uhu2q11u@4ax.com> <vddk1c$254hd$6@dont-email.me>
	<slrnvflgcf.lr8.candycanearter07@candydeb.host.invalid>
	<_iHKO.243816$v8v2.95799@fx18.iad>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 04 Oct 2024 01:12:38 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="53e6a1f358fb9450cb41203dd8d281a9";
	logging-data="4117757"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19zMTDjFPoAoLXcGeQVHTSp"
User-Agent: Pan/0.160 (Toresk; )
Cancel-Lock: sha1:li9yifyP3XD10p4sHGS7gksCsdI=
Bytes: 1989

On Mon, 30 Sep 2024 20:24:24 -0400, CrudeSausage wrote:

> There's nothing wrong with signing software if you want to limit the
> damage of malware.

The Linux distros manage this by signing the distribution packages, not 
the installed binaries. Also they make it easy for users to add third-
party signing keys (and repos) to the package-installation system.

In short, there are ways to do it that are not actively hostile to Open 
Source.