I am a long-time, non-power user of Linux Mint and have been wondering for a while now how safe the easy-to-use Linux distros' PPAs are. How careful should I be with adding new PPAs? How easy would it be for a hacker to compromise the majority of Linux personal computers by injecting compromised packages into a PPA, for example via some kind of man-in-the-middle attack?
Package servers like PPAs are a boon to us casual Linux users who panic whenever we try to compile a piece of code ourselves. (What do all those options really do!?) But it always struck me as the perfect attack vector for anyone who wants to target the casual Linux users out there.
Especially when you can't resist adding unofficial PPAs to get the latest version of that paint app you need. (Like when you are like me and like to use Linux for your artistic interests more than your technical ones. The purported extra bloatedness of AppImages, which is how Krita comes (probably the best painting application there is), doesn't really matter in light of these fears.)