the post is so obviously AI and OP has not responded to any comments. who is upvoting this?
Comment on Docker Hub's trust signals are a lie — and Huntarr is just the latest proof
SirHaxalot@nord.pub 15 hours ago
I’m like 90% sure that this post is AI Slop, and I just love the irony.
First of all, the writing style reads a lot like AI.. but that is not the biggest problem. None of the mitigations mentioned has anything to do with the Huntarr problem. Sure, they have their uses, but the problem with Huntarr was that it was a vibe coded piece of shit. Using immutable references, image signing or checking the Dockerfile would do fuck-all about the problem that the code itself was missing authentication on some important sensitive API Endpoints.
Also, Huntarr does not appear to be a Verified Publisher at all. Did their status get revoked, or was that a hallucination to begin with?
To be fair though the last paragraph does have a point,, but for a homelab I don’t think it’s feasible to fully review the source code of everything you install. It would rather come down to being careful with things that are new and doesn’t have an established reputation, which is especially a problem in the era of AI coding. Like the rest of the *arr stack is probably much safer because it’s open source projects that have been around for a long time and had had a lot of eyes on it.
aeluon@programming.dev 11 hours ago
irmadlad@lemmy.world 5 hours ago
Perhaps, but it brings up some good points to ponder.
EncryptKeeper@lemmy.world 7 hours ago
The account is 2 days old and this is its only post.
InnerScientist@lemmy.world 4 hours ago
Here’s what you can actually do:
Sure you wont always catch ai slop this way but you don’t need to read a line of code to at least be reasonably sure your arr stack won’t get to the family photos.