One of the things that really sucks about Linux distributions not keeping up with packaging paradigms that fit this century is that they already had whole systems to avoid these sorts of supply chain attacks. Unfortunately most distribution packaging systems decided not to keep up. Because of this, over the last decade or so, Linux has turned into the untrusted-binaries-from-the-internet morass that Windows has always been.

I'm hoping the hostility to the way that users and developers want software comes to an end soon. In Debian recently it came to a vote for Kubernetes[1]. Happily Debian did decide to include Kubernetes. The strength of the fight from the other side and how narrow the decision is worries me though. It doesn't look like this is going to turn into a drive to going to those systems and figuring out how to make the packaging paradigms mesh.

In other words, I'd like to see the experts in packaging and supply chains from the distribution world participate with some of these other distribution systems rather than just rejecting the use-case. What's happening is that distribution packaging is becoming less useful, not that people are moving away from the new packaging systems.


· · Web · 0 · 0 · 0
Sign in to participate in the conversation

We come here in search of a place to express our thoughts outside of the direct control and surveillance of unaccountable, mega-corporations. There is no common theme that binds us other than these being the bonds we've chosen rather than those that have been chosen for us.