Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
This is installed by adding a shady repository to your apt sources.list...
How is this a supply chain attack? My official debian repository have never been breached so far.
This is no different from downloading an .exe of a shady website and running it.
Also: https://packages.debian.org/search?keywords=download+manager... lists:
• uget: https://sourceforge.net/projects/urlget/
• kget: https://apps.kde.org/en-gb/kget/
• persepolis: https://persepolisdm.github.io/
why use "Free Download Manager"? Is this targeting new-comers from windows?
It doesn't have to be. Corporations which are FedRAMP[1] compliant, have to build software reproducibly in a fully isolated environment, only from reviewed code.[2]
[1] https://en.wikipedia.org/wiki/FedRAMP
[2] https://slsa.dev/