Re: Is everyone as blissfully ignorant as the Apple zealots are?

On 2024-07-05 13:34, badgolferman wrote:

Alan <nuh-uh@nope.com> wrote:

On 2024-07-05 13:02, badgolferman wrote:

Alan <nuh-uh@nope.com> wrote:

On 2024-07-05 11:43, badgolferman wrote:

Chris <ithinkiam@gmail.com> wrote:

badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

Andrew <andrew@spam.net> wrote:

>
[snip typical nonsense]
>

>
Personally I think they are so invested in the perfection of Apple that
they cannot bear the thought of there being flaws in its products. If
someone exposes such flaws, it invalidates everything they stand for.

>
The other side of the coin is that some people are so eager to find flaws
in Apple they forget to check basic facts. Like is this even anything
within Apple's control? Hint: nope.
>
>

>
If Apple software is dependent upon someone else’s software, it’s Apple’s
responsibility to ensure that software is safe. After all, it’s Apple who
tells us they are focused on safety and security.
>

>
Which you'll argue while at the same time arguing that Apple is wrong to
do what it can to increase safety and security by using an app store.
>

>
I have no problem with the App Store. But I do think the option to use
other stores should exist, with all warnings and check marks required for
you to advance. Apple shouldn’t be responsible for software they have not
vetted and if the customer still wants it then they are culpable if
something goes wrong.

>
So now you say that Apple shouldn't be responsible.
>
Make up your mind, huh?
>

>
But this is a different situation. Apple used someone else’s software and
didn’t correctly vet that. It perpetuated itself deeper and has caused
security problems now. That’s on Apple.
>

>
CocoaPods is a dependency manager; a software tool you use to create
software. It manages the dependencies you're using. It isn't software
that itself winds up IN your software.
>
So how could Apple reasonably check if some third-party software was
built using it?
>

 Maybe I misunderstood, but I thought this problem also affected the Apple
software engineers.

Where did you read that?

 In any case, I’m sure it’s virtually impossible to keep track of everything
but a company that touts its safety and security presence must do more.
Look at LastPass, they’ve become a joke.

Again:
What CocoaPods is is a tool used during software development for managing the libraries that a software developer uses, and after the software is deployed, the developer continues to use it to track updates to those libraries...
...but all of that takes place in a manner that is completely opaque to Apple.
There is no practical way for Apple to detect the fact that the developers of CocoaPods screwed up and created a system that let bad actors claim ownership of the "Pods" (external libraries) that CocoaPods tracks and insert malicious code in them.