this post was submitted on 17 Sep 2024
Open Source
I too wish the developer would respond, but I don't think this is the catastrophe people are making it out to be. One comment seems to explain why these binaries are included:
While this is true, it only requires the shim and grub to be copied for another distro.
From other comments there are a lot more blobs than just these two.
It sounds like most, if not all, come from upstream projects.
Would be nice if the dev can respond and confirm that...
I think they did say that in the older thread. But for proper security, you shouldn't have to trust them. You should have build tools that will re-fetch everything to create an identical build. That gives a clear chain of custody, which proves that nothing has been tampered with.