
I wish we could kill this idea that the Windows/Macintosh model of running around the web finding random binaries to install is a good one. Every time I have to use a Mac or Windows machine and do this I find it a major chore, and also get pretty firmly freaked out by the number of spoof application homepages with trojaned installer "bundlings" you see flying around the web. Could be an easy mistake to make for a less savvy user.

As for "it just works", I do wonder how long the rest of you have spent trying to get Postgres and psycopg2 reliably working together on a Mac. (Yeah, Postgres.app "just works"...)

It's a one-command, ten-second install on my Debian machine.




You shouldn't run "random binaries", but binaries from the original author of the software. E.g., Scribus from https://www.scribus.net/ or Subsurface from https://subsurface-divelog.org/. If you don't trust the original application author, then you had better not run the software at all.


For the average user this relies on the original author having the resources to be the top hit on Google.


As long as you do proper signing of code, reproducible builds, then your security concerns go away. https://defuse.ca/triangle-of-secure-code-delivery.htm



