Why is Home Assistant not provided by popular Linux distributions?

It has access to security cameras and having to trust a ton of code downloaded with Docker is a no go.

https://github.com/home-assistant/core/blob/dev/requirements... lists all the direct dependencies installed in the container.

It's enough for just a single direct or indirect dependency to be compromised to have a botnet or turn it into something used for surveillance against the users.

Preventing it from exfiltrating data by isolating it from the network with Internet access is the only option if you want to run it. This requires local only devices.

Accessing it through the web UI or through the mobile app will still load icons from https://brands.home-assistant.io. The details are in this ticket https://github.com/home-assistant/frontend/issues/18549

omg one THOUSAND dependencies.

Those are just the direct dependencies as far as I can tell.

The frontend has its own dependencies.

There’s an official docker image, which is what I’ve been using forever a long time.

> What's done to assess the security of these numerous packages?

Nada.

And then tech companies fire engineers while making record profits.

> Doing a open source supply chain attack is not easy

When projects ship 600 dependencies it's really easy.

> not easy, fast or reliable for long.

It does not need to be long. One day is enough to compromise a system or a thousand.

One malicious dependency is enough. When you have 600 dependencies "tend to be pretty high quality" does not cut it.

Yes: cloudflare is not a charity.

MessagePack and CBOR allow zero-copy parsing.

citation needed

Huh?!

Cultural evolution in genetics is a current topic of research

For example:

https://www.cambridge.org/core/journals/behavioral-and-brain...