@tindall Nicely written and well-balanced!
A caveat: on threats from trusted vendors, I'm not sure what would be meaningful advice. Should we judge vendors by what they're known to have done, what people suspect they're doing (but isn't proven), or what they might do someday?
Apple's CSAM plan was delayed. Perhaps indefinitely. Now what?
Once we consider open-ended threats from security updates, any response from ignoring it to extreme paranoia could be justified, depending on your attitude.
@skybrian Glad you enjoyed it!
I think you know what my answer to that is - I _don't_ trust anything that can force an update on me without me being able to inspect it first. Hence my use of free software wherever possible.
@skybrian right now I use Debian and Arch. With reproducible binary packages, I can directly correlate cryptographic hashes; with non-reproducible binaries I need only trust the maintainer, which is still some trust but fits much better into my threat model. On Arch, a lot of software comes in version-controlled source packages, and my package manager of choice (`yay`) provides a great workflow for inspecting those, and even on Debian I can build very security-critical software myself, and sometimes do.
@skybrian imo the great thing is that it really gives you a dial you can turn of security vs convenience. A normal user can just install things and trust the maintainers, and as your use case gets more complex you can check the things you need to check as you need to check them. It's not all-or-nothing.