• SmashingSquid@notyour.rodeo
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    3
    ·
    1 year ago

    Explain how adding a Microsoft repo that doesn’t actually install anything is the same as giving Microsoft access to your device?

    • Buffalox@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      5
      ·
      edit-2
      1 year ago

      OK if i must…

      The raspberry pi came preinstalled with a Microsoft developer tool, which resided in a Microsoft controlled repo.

      Now Microsoft has root access to your system, whenever you make any kind of upgrade, and can change dependencies for that tool to anything in their repo. Basically granting a third party control over your raspberry pi.

      The worst is that it’s very difficult to prevent, you may look up guides to prevent Microsoft repo, and even these solutions have shortcomings.

      https://arstechnica.com/gadgets/2021/02/raspberry-pi-os-added-a-microsoft-repo-no-its-not-an-evil-secret/

      On top of that, this enabled telemetry which is borderline illegal in EU.

      It also means you ping Microsoft with every use of your package manager, granting Microsoft very useful information on a competing OS, plus giving them information you may not wish to give them.

      You may consider all these issues as non issues, but I do not.

      Edit:

      It did not come preinstalled.

      • SmashingSquid@notyour.rodeo
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Finally, performing apt policy code confirms that Visual Studio Code was not actually installed on my system—it’s just easier to install (and update!) now, since its parent repository is part of my sources list, along with the GPG code verifying the contents of that repository.

        It didn’t come pre installed with the tool. It only had the repo. Did you even read your own link?