this post was submitted on 16 Jun 2026
libre
The AUR has tens of thousands of software build scripts (though in all fairness a lot of them are just downloading a binary from the Internet). This normally isn't an issue if you treat Arch as DIY and do your due diligence, but folk wisdom has people picking things like "CachyOS" for that peak gaming performance who stumble haphazardly onto the AUR since the Arch base repositories of vetted software don't cover everything.
This was bound to happen at some point since it's not 2002 anymore and the Internet is now an anarcho capitalist hell.
PyPI kinda has this issue too. The typo squatting epidemic has been discussed a few times.
I haven't had many issues with PyPI, but any package manager is just running someone else's code on your computer. You really should be reading the code, checking the sources, and validating the binaries with any officially supplied checksums.
The scariest situation is when someone has a dev dependency, that package is squatted or compromised, and an unpinned supply chain attack is carried out like what happens with NPM every other day.
You can even see the discussions in that thread about the risk of a squatted package vendoring the real package or just pulling it in as a dependency during install, and sitting in the middle stealing whatever passes through.
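
An added example, not written by any commenter in this thread and not part of pip or PyPI: a small audit of a `requirements.txt` for the three risks raised above (names that look like typosquats, versions that are not pinned, and entries with no checksum). The allowlist, the sample file, the placeholder digest and the edit-distance threshold of 2 are assumptions made for the demonstration, and it expects one requirement per line.

```python
import re

# Constructed allowlist: the names this project actually intends to install.
TRUSTED = {"requests", "numpy", "cryptography"}
FAKE_DIGEST = "ab" * 32  # constructed placeholder, not a real sha256

# Constructed requirements file for the demonstration.
SAMPLE = f"""\
requests==2.31.0 --hash=sha256:{FAKE_DIGEST}
reqeusts==2.31.0 --hash=sha256:{FAKE_DIGEST}
numpy>=1.20
cryptography==42.0.5
"""

def normalize(name):
    # PEP 503: names compare case-insensitively and -, _ and . are equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    # Plain Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(text, trusted=TRUSTED):
    """Return (line number, package, issue) for every risky requirement line."""
    trusted = {normalize(t) for t in trusted}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if not m:
            continue  # blank line, comment, or pip option such as -r
        name = normalize(m.group(0))
        if name not in trusted:
            near = [t for t in sorted(trusted) if edit_distance(name, t) <= 2]
            issue = f"possible typosquat of {near[0]}" if near else "not on allowlist"
            findings.append((lineno, name, issue))
        if not re.search(r"==[^=*\s;,]+(?=\s|;|$)", line):
            findings.append((lineno, name, "version not pinned with =="))
        if not re.search(r"--hash=sha256:[0-9a-f]{64}\b", line):
            findings.append((lineno, name, "no sha256 hash"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A check like this only reports; pip's own `--require-hashes` mode is what refuses to install anything whose hash is missing or does not match.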