An HOA (home owners associations) can say what color you can paint your house, What you can plant in your yard, What you can have in your driveway, and some even say what color your blinds can be.
Microsoft controls your computer, they say what info is sent back to Microsoft, and they say when you must upgrade. They can shut down your computer when they want whether you like it or not.
So can Canonical. The difference is, they don’t.
So far, and since I have been running Debian for a while now I don’t know about Ubuntu specifically, All the distros I have used either show an update is available, or you check for updates.
You have the choice and control to install the update and can do it later if now is not a good time. Or don’t install it at all, it’s your system.
Obviously, yes. My point is: Do you read and understand all changes in the code for each update? You need to trust the maintainers, cause they could theoretically push out any code with the update.
Some HOAs are better than others.
Unfortunately, all it takes is a change in the HOA board to turn a better HOA into a badder HOA.
Please do tell how they would do that.
You trust their repos.
With every apt update, they could push whatever code they want onto your PC.
Same as with literally any binary-based OS.
Not sure why you specify binary-based OS’s. Following Gentoo’s upgrade guide also gets you potentially whatever they want on your systemp
Someone definitely reads the changed code of Gentoo packages. You are saying that every operating system on the planet is untrustworthy, besides gentoo and a few other source-based distros, but let’s target Ubuntu in particular.
That’s not what I’m saying.
I’m saying you need to trust the people making your OS cause no way in hell is anyone else able to audit every update they push.
Whether your OS is trustworthy depends on their history. In that regard, I’d give Ubuntu a solid B-
Fair enough
How does that work, exactly? I don’t actually know. Are they compiling their own copies of the upstream code changes?
Yes, they’re taking the source code from upstream, modifying (“patching”) it, compiling it, then uploading their compiled binaries to the Ubuntu repo where your system downloads them during an update.
You can technically download the source code as well, if you activate the source repo. But hardly any end user does. And the source code you get doesn’t compile to the same binary you get from the repo anyway. (This would be called a “reproducible build”. Some distros try to be reproducible. Ubuntu doesn’t, they have other priorities.)
Thank you. That makes sense why some downstream distros designed for specific purposes (e.g. gaming) might include a handful of their own repos for specific software.