I’ll be the first to admit that I still have a lot to learn, but isn’t it kind of dangerous to rely on repositories with software that is often months out of date? I understand that security is a moving target, but I see so many people saying that getting apps from the official repositories is the safest option. This just seems incorrect to me. Can someone please illuminate?

  • jrgd@lemm.ee · 3 upvotes · 5 days ago

    In order to maintain software versions, package maintainers will often selectively pull git commits from the upstream projects that fix bugs / vulnerabilities in the code, while not pulling feature commits. Sometimes the pulled commits may need modifications to work properly on an old feature version of the software, which will also be done during the process. Alternatively, software may be compiled with different feature flags to restrict functionality to mitigate bugs known in upstream.

    • CptHacke@lemm.ee (OP) · 1 upvote · 5 days ago

      Okay, I understood about 5% of what you just said, but I think I get the general gist of it. Thanks for your reply.

      • Ephera@lemmy.ml · 1 upvote · 5 days ago

        Basically, because they can look at the source code of individual applications and how it got changed over time, they can typically create alternative versions of the software which don’t include the newest features, but do include bug fixes and security patches.
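As an added illustration of the backporting that jrgd and Ephera describe (this is not code from any post in this thread): the practical consequence is that a package's version number says nothing about which fixes it carries, so the check a practitioner actually wants is "does this package's changelog record a fix for the advisory I care about?". The script below parses a Debian-style changelog and answers that question for a given installed version. The package name "examplepkg", the changelog text and the CVE identifiers (CVE-0000-0001, CVE-0000-0002) are all constructed placeholders for the example; on a real system the equivalent text comes from the distribution's changelog for the installed package.

```python
"""Check whether a distro package's changelog records a fix for a given CVE.

Constructed example: the changelog below is invented to look like a Debian-style
changelog for a hypothetical package "examplepkg". The CVE identifiers are
placeholders (CVE-0000-000N), not real advisories.
"""
import re

# Constructed sample changelog, newest entry first, as Debian changelogs are.
# The upstream version stays at 1.2.3 while security fixes are backported into
# the Debian revision (-4+deb12u1, -4+deb12u2), which is exactly the situation
# the thread is about: an "old" version number that still carries the fixes.
SAMPLE_CHANGELOG = """\
examplepkg (1.2.3-4+deb12u2) bookworm-security; urgency=high

  * Backport upstream commit fixing heap overflow in parser (CVE-0000-0002)
  * Adjust patch for the 1.2 code base (function renamed upstream in 1.4)

 -- Maintainer <maintainer@example.invalid>  Mon, 03 Feb 2025 10:00:00 +0000

examplepkg (1.2.3-4+deb12u1) bookworm-security; urgency=high

  * Cherry-pick fix for NULL dereference on malformed input (CVE-0000-0001)

 -- Maintainer <maintainer@example.invalid>  Tue, 14 Jan 2025 09:00:00 +0000

examplepkg (1.2.3-4) bookworm; urgency=medium

  * Build with --disable-plugins to keep the unmaintained plugin API out of
    the binary (hardening, no CVE assigned)

 -- Maintainer <maintainer@example.invalid>  Fri, 01 Nov 2024 12:00:00 +0000
"""

# Entry header: "<package> (<version>) <distribution>; urgency=..."
HEADER_RE = re.compile(r"^(?P<name>\S+) \((?P<version>[^)]+)\) (?P<dist>\S+);", re.M)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_changelog(text):
    """Return a list of (version, set_of_cves) tuples, newest first."""
    entries = []
    headers = list(HEADER_RE.finditer(text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[h.end():end]
        entries.append((h.group("version"), set(CVE_RE.findall(body))))
    return entries


def cves_fixed_in(entries, installed_version):
    """All CVEs recorded in installed_version or any older changelog entry."""
    fixed = set()
    seen_installed = False
    for version, cves in entries:  # newest first, so older entries follow
        if version == installed_version:
            seen_installed = True
        if seen_installed:
            fixed |= cves
    if not seen_installed:
        raise ValueError(f"version {installed_version} not found in changelog")
    return fixed


def is_fixed(entries, installed_version, cve):
    """True if the changelog records cve as fixed at or before installed_version."""
    return cve in cves_fixed_in(entries, installed_version)


def upstream_version(debian_version):
    """Strip the Debian revision: '1.2.3-4+deb12u2' -> '1.2.3'."""
    return debian_version.split("-", 1)[0]


if __name__ == "__main__":
    entries = parse_changelog(SAMPLE_CHANGELOG)
    for ver in ("1.2.3-4+deb12u2", "1.2.3-4+deb12u1", "1.2.3-4"):
        print(ver, "(upstream", upstream_version(ver) + ")",
              "fixes:", sorted(cves_fixed_in(entries, ver)) or "none recorded")
```

The point the output makes is that all three versions report upstream 1.2.3, yet only the `+deb12u2` build carries both placeholder fixes. Comparing a package's upstream version against an advisory's "fixed in" version would wrongly flag every entry as vulnerable; reading the changelog (or the distribution's security tracker) is what tells you whether the fix was backported.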