Notepad++ have been there too
Then you realize very popular software and their official website actually are a one man show. Nobody is perfect and those things tend to work for years without security in mind. At the time it were built, supply chain attack was not invented yet.
Deja Vu
Linux package repositories win again. Downloading random executable files from sketchy websites will always be stupid
Tell me you didn’t read the article without saying you didn’t read the article.
Oh sweet summer child…
Nah. Nothing is perfect of course, but normalizing executing software sourced from random, untrustworthy websites will always be objectively worse than curated repos.
It is hardly a random untrustworthy site, it is the software publishers site. There is no reason that a package repo can’t suffer a similar attack.
Your confidence is entirely misplaced.
Oh I guess I should totally put my confidence in random sketchy websites. Great point!
It literally doesn’t matter if it’s a publisher site or not, users can’t tell the difference and it normalizes clicking links from a web search and running whatever software download the user sees first.
Go on then, explain to me how the well known software publishers website is random and sketchy.
I feel like you’ve demonstrated very effectively how users lack the skills to understand what they are reading online 😂
It isn’t a random, sketchy or inherently untrustworthy site.
You shouldn’t have any issue explaining how you would go about verifying that a software repo is trustworthy and how that differs from verifying a website.
Unless you don’t actually know what you’re talking about…
I’m glad I keep an archive of everything I download.
