An HOA (home owners associations) can say what color you can paint your house, What you can plant in your yard, What you can have in your driveway, and some even say what color your blinds can be.
Microsoft controls your computer, they say what info is sent back to Microsoft, and they say when you must upgrade. They can shut down your computer when they want whether you like it or not.
So can Canonical. The difference is, they don’t.
Some HOAs are better than others.
Unfortunately, all it takes is a change in the HOA board to turn a better HOA into a badder HOA.
So far, and since I have been running Debian for a while now I don’t know about Ubuntu specifically, All the distros I have used either show an update is available, or you check for updates.
You have the choice and control to install the update and can do it later if now is not a good time. Or don’t install it at all, it’s your system.
Obviously, yes. My point is: Do you read and understand all changes in the code for each update? You need to trust the maintainers, cause they could theoretically push out any code with the update.
This is true of any OS, The people who build the OS for you to use can build in all kinds of sneaky stuff - see “Trusting Trust” about an invisible trojan in the C compiler. An issue with Microsoft Vs. Most Any Linux is the whether the maintainer’s goals and the User’s goals are oriented in the same direction. Microsoft wants to get data about you for whatever purpose whereas Most Any Linux maintainer’s main goal is to produce an OS that is as free of bugs and is as useful and as secure as possible.
Or like Fedora (and I’m sure more distros) nicely asks you if you want to update in a user initiated restart or shutdown, and if you say yes it does just that and updates to restart or shut down. My memories with Windows are having to remain in front of the computer to make sure I can turn it off after it reboots multiple times to update.
Please do tell how they would do that.
You trust their repos.
With every apt update, they could push whatever code they want onto your PC.
Same as with literally any binary-based OS.
Someone definitely reads the changed code of Gentoo packages. You are saying that every operating system on the planet is untrustworthy, besides gentoo and a few other source-based distros, but let’s target Ubuntu in particular.
That’s not what I’m saying.
I’m saying you need to trust the people making your OS cause no way in hell is anyone else able to audit every update they push.
Whether your OS is trustworthy depends on their history. In that regard, I’d give Ubuntu a solid B-
Fair enough
You’re so nice. Here they have deserved a C- for at least the last 5 years, and declined to a D during the last 2.
Not sure why you specify binary-based OS’s. Following Gentoo’s upgrade guide also gets you potentially whatever they want on your systemp
How does that work, exactly? I don’t actually know. Are they compiling their own copies of the upstream code changes?
Yes, they’re taking the source code from upstream, modifying (“patching”) it, compiling it, then uploading their compiled binaries to the Ubuntu repo where your system downloads them during an update.
You can technically download the source code as well, if you activate the source repo. But hardly any end user does. And the source code you get doesn’t compile to the same binary you get from the repo anyway. (This would be called a “reproducible build”. Some distros try to be reproducible. Ubuntu doesn’t, they have other priorities.)
Thank you. That makes sense why some downstream distros designed for specific purposes (e.g. gaming) might include a handful of their own repos for specific software.