And, I forgot to mention: Firefox extensions. I note that the Mozilla Organization's https://addons.mozilla.org/ "portal" site contributes substantially to the problem of dangerous user attitudes, by having no entry about source code or licensing on any of the extension entries, but a large, prominent button marked "Download Now" on each. I've encountered Linux users who've been completely unaware that what they fetched via that site was proprietary software from nobody in particular, that they would not have trusted with their user-level security access if they'd been thinking more clearly.
I suggest we of the Linux community work harder to get out the message that, e.g., just because we recommend Adblock and NoScript, that doesn't mean we recommend downloading arbitrary extensions from any-old-where, and that, when we provide URLs to Adblock and NoScript's upstream Web sites, we don't mean you should get it from there: You should get maintained, audited packages from your distro maintainers, where available -- and assume code is dangerous unless you have reason to think it isn't.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds