
Really? Do you control the negativo17.org repo (just one example from akmods)?

https://github.com/ublue-os/akmods/blob/9946c17373b1a49e60a0...

https://github.com/ublue-os/bluefin-lts/blob/84cac6e9a063ec5...

How about jreilly1821? Looks like nothing's really preventing them from sneaking in a malicious version of glib2.

https://github.com/ublue-os/bluefin-lts/blob/84cac6e9a063ec5...



I would be in trouble if I didn't trust jreilly1821 since he's one of the Bluefin maintainers. And the nvidia binaries come from an nvidia employee.


Hi I'm jreilly1821, I made those COPRs for Bluefin LTS. I guess I could put something malicious but you can see that they are all just packages from Fedora DistGit. I'm not sure what your preference would be? I think distros have mystique given to them that is misappropriated. At the end of the day they are mostly middlemen packaging someone else's code.

Bootc is and will change things, images will be tested as an integrated experience and we'll continue to strive to pull from as far upstream as we can.

Negativo17 is Simone, an NVIDIA employee who has been instrumental in packaging NVIDIA drivers for Linux for years. I don't know for certain, but I wouldn't be surprised if they are also doing the official packaging for NVIDIA drivers as well. Needless to say, they are very trusted and a known entity in the Linux community.


I think I agree with what the grandparent poster wrote, and I'll try to expand on my reasoning. As a mildly paranoid user, I cannot possibly keep track of all the individuals who maintain parts of Bluefin, no matter how much I like following all of you on Discord etc. I still don't even know what a DistGit or COPR is.

When I install a more corporate product such as Ubuntu or macOS, sure, it's also mostly middlemen repackaging other people's code. But it is clear what and who belongs to the company or team, and the team has a shared interest in protecting its reputation, and hopefully pwning or buying a single individual's accounts cannot infect everything else.

To that end, I agree that "consolidation" would help - sometimes that might mean controlled mirroring of things into the Bluefin org or so - but that is exactly what distros do, and I understand that Bluefin does not want to be a distro.


> I still don't even know what a DistGit or COPR is.

I agree, I hate all of this too. The wolfi version will be much better.



