It’s really unbelievable at this point. It’s like that gentoo, meme, you have to compile your extension from sources. Even worse, as the ‘supply chain’ chain attack in ssh showed, you have to read the code yourself too. I am not sure if Linux becoming popular is a good thing anymore.