Its nice to share with others

Anyone does this with jellyfin?

The etiquette is to check it out, download it, and then return it within an hour.

What jerks are members at your library?

Yes.

All publishing infrastructure shouldn’t be trusted. Theres countless historical examples of this.

Use crypto. It works.

No, you download the key from many distinct domains and verify it matches before TOFU

In not talking about the CAC. I’m talking about the members of the botnet.

Or are you hinting at Linux based IoT devices?

Both are a security nightmare, if you’re not verifying the signature.

You should verify the signature of all things you download before running it. Be it a bash script or a .deb file or a .AppImage or to-be-compiled sourcecode.

Best thing is to just use your Repo’s package manager. Apt will not run anything that isn’t properly signed by a package team members release PGP key.

You’re telling me that you dont verify the signatures of the binaries you download before running them too?!? God help you.

I download my binaries with apt, which will refuse to install the binary if the signature doesn’t match.

No serious distro package manager doesn’t require cryptographic signatures in 2025.

Software deep managers are all rubbish except for maven

So basically the install instructions for Lemmy? No Lemmy data is safe.

Yeah and windows is famous for botnets lol.

Key being reduce. Https doesn’t protect from loads of attacks. Best to verify the sig.

If its not signed, open a bug report

Damn that’s bad misinformation. Its a security nightmare

I dont just cringe, I open a bug report. You can be the change to fix this.