moonpiedumplings

[–] moonpiedumplings@programming.dev 4 points 1 year ago* (last edited 1 year ago) (1 children)

What stops companies from having a shell corporation use the code, and then that shell company rents "services" at a very low cost to a large corp?

I'm thinking something of the opposite of what Google does, where Alphabet (""located"" in Ireland) rents the Google logo to Google, allowing Google to say that their revenue is much less than it actually is.

EDIT: After some research, it seems that they stopped doing that: https://www.theguardian.com/technology/2020/jan/01/google-says-it-will-no-longer-use-double-irish-dutch-sandwich-tax-loophole

But a similar scheme being applied to this license does concern me.

That only applies to unstable distros. Stable distros, like debian, maintain their own versions of packages.

Debian in particular only includes security patches and changes in their packages - no new features at all.* This means risk of breakage and incompatibility is very low, basically nil.

*except for certain packages which aren't viable to maintain, like Firefox or other browsers.

[–] moonpiedumplings@programming.dev 34 points 1 year ago (1 children)

https://forgejo.org/compare-to-gitea/

I dunno, some of these are a pretty big deal, in particular:

> Gitea repeatedly makes choices that leave Gitea admins exposed to known vulnerabilities during extended periods of time. For instance Gitea spent resources to undergo a SOC2 security audit for its SaaS offering while critical vulnerabilities demanded a new release. Advance notice of security releases is for customers only.

Gitea is developed on github, whereas forgejo is developed on and by codeberg, who use it as their main forge (also mentioned on that page). Someone dogfooding gives me more confidence in the software.

https://moonpiedumplings.github.io/blog/twitch/

I like to watch people program on twitch. Seeing people suffer with code reminds me that I am not alone.

The comparison isn't quite right because you can use git with any provider (Github, gitlab, etc), including multiple at once.

On the other hand, snap is hardcoded to only be able to use one store at a time, the snap store. To modify this behaviour, you would have to make changes to the snap client source code.

It's a crucial difference.

[–] moonpiedumplings@programming.dev 20 points 1 year ago (5 children)

What? Github is not open source.

And plenty of people have issues with Github: https://sfconservancy.org/GiveUpGitHub/

> their entire hosting site is, itself, proprietary and/or trade-secret software

[–] moonpiedumplings@programming.dev 1 points 1 year ago* (last edited 1 year ago)

sn1per is not open source, according to the OSI's definition

The license for sn1per can be found here: https://github.com/1N3/Sn1per/blob/master/LICENSE.md

It's more a EULA than an actual license. It prohibits a lot of stuff, and is basically source-available.

> You agree not to create any product or service from any part of the Code from this Project, paid or free

There is also:

> Sn1perSecurity LLC reserves the right to change the licensing terms at any time, without advance notice. Sn1perSecurity LLC reserves the right to terminate your license at any time.

So yeah. I decided to test it out anyways... but what I see... is not promising.

```dockerfile
FROM docker.io/blackarchlinux/blackarch:latest

# Upgrade system
RUN pacman -Syu --noconfirm

# Install sn1per from official repository
RUN pacman -Sy sn1per --noconfirm

CMD ["sn1per"]
```

The two pacman commands are redundant. You only need to run `pacman -Syu sn1per --noconfirm` once. This also goes against docker best practice, as it creates two layers where only one would be necessary. In addition to that, best practice also includes deleting cache files, which isn't done here. The final docker image is probably significantly larger than it needs to be.

Their kali image has similar issues:

```dockerfile
RUN set -x \
        && apt -yqq update \
        && apt -yqq full-upgrade \
        && apt clean
RUN apt install --yes metasploit-framework
```

https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

It's still building right now. I might edit this post with more info if it's worth it. I really just want a command-line vulnerability scanner, and sn1per seems to offer that with greenbone/openvas as a backend.

I could modify the dockerfiles with something better, but I don't know if I'm legally allowed to do so outside of their repo, and I don't feel comfortable contributing to a repo that's not FOSS.
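
The layering and cache points raised in the comment above, as an added example that is not part of the comment or of the Sn1per repository: each image installs in a single `RUN` and removes package caches in that same layer. The stage names `blackarch` and `kali` and the Kali base image are assumptions made for this example.

```dockerfile
# Added example. Build one stage with: docker build --target blackarch .
# Stage names are assumptions chosen for this example.

FROM docker.io/blackarchlinux/blackarch:latest AS blackarch

# Sync, upgrade and install in a single RUN so the result is one layer.
# The package cache is deleted in the same RUN: a later RUN could only hide
# the files, it could not remove them from the earlier layer.
# rm is used instead of "pacman -Scc --noconfirm", because the
# cache-removal prompt of -Scc defaults to "no".
RUN pacman -Syu --noconfirm sn1per \
    && rm -rf /var/cache/pacman/pkg/*

CMD ["sn1per"]

# Assumed base image: the page shows only the RUN lines of the Kali file.
FROM docker.io/kalilinux/kali-rolling:latest AS kali

# Cleanup runs after the install, so the files downloaded for
# metasploit-framework are removed as well, all within one layer.
RUN set -x \
    && apt-get -yqq update \
    && DEBIAN_FRONTEND=noninteractive apt-get -yqq full-upgrade \
    && DEBIAN_FRONTEND=noninteractive apt-get install --yes metasploit-framework \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
```

Comparing `docker history` output for an image built this way against one built from the two-`RUN` version shows the per-layer size difference.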

I'm using eternity, which hasn't received any updates, on my phone, and the default lemmy web interface on my computer.

Maybe I need to try some other options.

This is just straight wrong. iMessage on android has worked by connecting to a remote Mac, which then connects to iMessage. The protocol is locked to their hardware.

And, even if there was a true open source reimplementation of iMessage, that would say nothing about the security of Apple's proprietary implementation of the iMessage end to end encryption.

[–] moonpiedumplings@programming.dev 3 points 1 year ago (3 children)

Because some of us have fat fingers and accidentally downvote when we scroll on mobile.

One of the things I liked about reddit was that, since it saved downvoted posts, I could go through the list every once in a while and undownvote the accidents.

Can't do that here though, and I sometimes notice posts or comments I've accidentally downvoted.

Anyway, people shouldn't care so much, we don't have a karma system or the like here anyways, so why does it matter?

[–] moonpiedumplings@programming.dev 2 points 1 year ago (1 children)

When syncthing is configured to go both ways (the default), it also syncs any deletions. You can somewhat get around this by something like one way sync, but it's not really a proper "backup" software.

Personally, I like to treat data synced by syncthing, even between multiple machines, as one copy of the data when I am following the 3-2-1 backup rule*, because syncthing won't save me from a buggy program deleting all my files or user error, or anything like that.

*See wikipedia for info about the 3-2-1 backup rule.
