"In a recent update, the Raspberry Pi Foundation installed a Microsoft apt repository on all machines running Raspberry Pi OS (previously known as Raspbian) without the administrator’s knowledge."

@hund Not that big of a deal, since it's really easy to disable the repo. And for Raspberry Pi Foundation's purpose, it's understandable why they did it, tho they could have done a better job explaining it.

@bpepple @hund I disagree. VS Codium, maybe. But VS Code with integrated spyware? That's an act of aggression.

@fedops @hund That's utter nonsense. The Raspberry Pi Foundation's goal is to 'promote the study of computer science and related topics, especially at school level', and this they feel helps that. They are *not* the FSF, whose primary goal is to promote Free Software.

@bpepple that's not the point. The point is they are slipping a source of executable code into an existing system without the consent of the owner.

It is then trivially easy to provide a package that is a newer version than the same package in a legit repo, and your system will pull it in and install it with no further notifications.

Enabling a remote repo is a distinct act of trust and must never be done lightly. By doing that you explicitly trust everything that comes down the pipe.
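
The point made in the post above can be checked on a running system: when pin priorities are equal, apt selects the highest version it can see, whichever enabled repository offers it. The following is an added example, not part of the thread and not Raspberry Pi OS code. It parses `apt-cache policy` output and reports packages whose install candidate comes only from a host outside an allowlist; the host names, package name and the `TRUSTED_HOSTS` allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the administrator regards as the distribution's own mirrors.
TRUSTED_HOSTS = {"os.distro.example"}

# Constructed sample in the layout printed by `apt-cache policy <package>`.
SAMPLE = """\
libfoo:
  Installed: 2.0-1
  Candidate: 2.1-1
  Version table:
     2.1-1 500
        500 http://repo.vendor.example/apt stable/main armhf Packages
 *** 2.0-1 500
        500 http://os.distro.example/os buster/main armhf Packages
        100 /var/lib/dpkg/status
"""

VERSION = re.compile(r"^\s+(?:\*\*\*\s+)?(\S+)\s+-?\d+$")  # "[***] <version> <priority>"
SOURCE = re.compile(r"^\s+-?\d+\s+(\S+)")                  # "<priority> <uri-or-path> ..."

def parse_policy(text):
    """Return {package: {"candidate": str, "hosts": {version: set_of_hosts}}}."""
    pkgs, cur, ver = {}, None, None
    for line in text.splitlines():
        field = line.strip()
        if line and not line[0].isspace() and field.endswith(":"):
            cur, ver = pkgs.setdefault(field[:-1], {"candidate": None, "hosts": {}}), None
        elif cur is None or field.startswith(("Installed:", "Version table:")):
            continue
        elif field.startswith("Candidate:"):
            cur["candidate"] = field.split(":", 1)[1].strip()
        elif m := VERSION.match(line):
            ver = cur["hosts"].setdefault(m.group(1), set())
        elif ver is not None and (m := SOURCE.match(line)):
            if host := urlparse(m.group(1)).hostname:  # None for local paths (dpkg status)
                ver.add(host)
    return pkgs

def audit(text, trusted=TRUSTED_HOSTS):
    """Map package -> finding when no trusted host offers the candidate version."""
    findings = {}
    for name, pkg in parse_policy(text).items():
        cand_hosts = pkg["hosts"].get(pkg["candidate"], set())
        if cand_hosts and not cand_hosts & trusted:
            in_distro = any(h & trusted for h in pkg["hosts"].values())
            findings[name] = "shadows-distro" if in_distro else "third-party-only"
    return findings
```

A `shadows-distro` finding means the distribution ships the package too, but the next upgrade would take the version from the other repository.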


@fedops @hund And again, their target audience is students learning to code, not experienced Linux users. They want to make it easier for the primary users to add one of the popular IDEs, and not have to mess with adding a 3rd-party repository.

You also seem to be assuming that Raspberry Pi OS developers haven't vetted it at all, and if you don't trust them to do this, then why are you even running the OS?

@bpepple then supply a clicky button that will explain to the user what's happening, ask for consent, set up the repo and install the application. That's not really harder to do. 20 lines of Python and an icon on the desktop.

How would the RP developers vet a repo that's under some other organization's management?


@fedops @hund I'm sure they are in contact with MS, just like Fedora was when we worked with Fluendo to provide an mp3 package.

@hund ah I was wondering why it was there. I thought Pi-hole added it when I updated it!

@fedops @blueberry @hund I can confirm that as true since I removed that extra repo today.

This really gets my blood pressure up. I've always liked the RPF for what they do and stand for but that is just not acceptable.

