{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidsfije6ecn5n7qyo47ftwouagfaj3cldifrn6hur3zus24fr54qm",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mn5ristzwxg2"
  },
  "path": "/t/linux-packages-mirrors/38247#post_7",
  "publishedAt": "2026-05-31T13:18:56.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "Every package in the repositories is cryptographically signed. Your package manager checks and ensures that the package is genuine and made by the actual distribution maintainers.\n\nIt would decline the installation of a package that has been tampered with.\n\nSide note:\n\nThe original developers of a piece of software do not usually provide the binary packages of their software. The distribution maintainers get the source code from the developers (upstream) and build the software. This process is highly automated, but includes some code reviews.\n\nConclusion:\n\nAll mirrors your distribution gives you to choose from are practically safe. If any problem emerges, it will be discussed in public and it will be fixed.\n\nIf you are taking risks with software sources, like you do using the AUR on an Arch-based distribution for example, those risks will be clearly stated (like in Manjaro’s package manager interface).\n\nIf you add your own sources found on random websites, that’s when you clearly undermine security.",
  "title": "Linux packages mirrors"
}