"In a recent update, the Raspberry Pi Foundation installed a Microsoft apt repository on all machines running Raspberry Pi OS (previously known as Raspbian) without the administrator’s knowledge."
@hund Not that big of a deal, since it's really easy to disable the repo. And for Raspberry Pi Foundation's purpose, it's understandable why they did it, tho they could have done a better job explaining it.
@bpepple that's not the point. The point is they are slipping a source of executable code into an existing system without the consent of the owner.
It is then trivially easy to provide a package that is a newer version than the same package in a legit repo, and your system will pull it in and install it with no further notifications.
Enabling a remote repo is a distinct act of trust and must never be done lightly. By doing that you explicitly trust everything that comes down the pipe.
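The concern in the post above, turned into a check an administrator can run (an added example, not part of the thread): it parses one-line `sources.list` entries and flags any repository whose host is off an allowlist or whose signing key is not scoped with `signed-by`. The allowlist, hostnames and sample files are constructed for illustration; deb822 `.sources` files are not handled.

```python
import glob
import re
from urllib.parse import urlparse

# Assumed allowlist: hosts this administrator has chosen to trust (constructed).
ALLOWED_HOSTS = {"archive.os-vendor.example"}
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")

def parse_sources(text, origin):
    """Yield one dict per enabled one-line-style entry in a sources file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drops comments and disabled entries
        m = ENTRY.match(line)
        if not m:
            continue
        opts = dict(o.split("=", 1) for o in (m.group(2) or "").split() if "=" in o)
        yield {"where": f"{origin}:{lineno}", "opts": opts,
               "host": urlparse(m.group(3)).hostname, "suite": m.group(4)}

def audit(entries, allowed=ALLOWED_HOSTS):
    """Return (where, host, reason) for every entry that widens trust."""
    findings = []
    for e in entries:
        where, host = e["where"], e["host"]
        if host not in allowed:
            findings.append((where, host, "host not on allowlist"))
        if e["opts"].get("trusted") == "yes":
            findings.append((where, host, "signature checks disabled"))
        elif "signed-by" not in e["opts"]:
            findings.append((where, host, "no signed-by: any globally trusted key is accepted"))
    return findings

# Constructed sample: a vendor list plus a file dropped in by a package update.
SAMPLE = {
    "/etc/apt/sources.list":
        "deb [signed-by=/usr/share/keyrings/vendor.gpg] http://archive.os-vendor.example/os stable main\n"
        "# deb-src http://archive.os-vendor.example/os stable main\n",
    "/etc/apt/sources.list.d/ide.list":
        "deb [arch=amd64,arm64] http://packages.thirdparty.example/repos/ide stable main\n",
}

def audit_sample():
    entries = [e for path, text in SAMPLE.items() for e in parse_sources(text, path)]
    return audit(entries)

if __name__ == "__main__":
    paths = glob.glob("/etc/apt/sources.list") + sorted(glob.glob("/etc/apt/sources.list.d/*.list"))
    live = [e for p in paths for e in parse_sources(open(p).read(), p)]
    for finding in (audit(live) if live else audit_sample()):
        print(*finding, sep="  ")
```

Run from cron or a configuration-management check, the same audit surfaces a new file under `/etc/apt/sources.list.d/` the first time it appears.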
@fedops @hund And again, their target audience are students learning to code, not experienced Linux users. They want to make it easier for the primary users to add one of the popular IDEs, and not have to mess with adding a 3rd-party repository.
You also seem to be assuming that Raspberry Pi OS developers haven't vetted it at all, and if you don't trust them to do this, then why are you even running the OS?
@bpepple then supply a clicky button that will explain to the user what's happening, ask for consent, set up the repo and install the application. That's not really harder to do. 20 lines of Python and an icon on the desktop.
How would the RP developers vet a repo that's under some other organization's management?