> I am just criticizing collecting data under the veneer of security or creating a dependence at this point.
This isn't a veneer. It's a signature check to ensure a package is what it says it is. Have you seen the hassle npm routinely goes through because of this? A centralized, trusted server is a sensible "default" setting. The fact that they offer a self-hosted solution is a great benefit.
> You can only be secure if your privacy is protected. That is the causal relation between these two needs.
Nonsense. I can have a completely secure system and everyone knows who I am. I can have an entire insecure system with zero means of identifying the owner and thus, remain private.
You aren't just conflating privacy and security, you are implying a casual relationship between them. Both are nonsense.
This isn't a veneer. It's a signature check to ensure a package is what it says it is. Have you seen the hassle npm routinely goes through because of this? A centralized, trusted server is a sensible "default" setting. The fact that they offer a self-hosted solution is a great benefit.
> You can only be secure if your privacy is protected. That is the causal relation between these two needs.
Nonsense. I can have a completely secure system and everyone knows who I am. I can have an entire insecure system with zero means of identifying the owner and thus, remain private.
You aren't just conflating privacy and security, you are implying a casual relationship between them. Both are nonsense.