Re: Two malicious Python libraries caught stealing SSH and GPG keys
I don't get why doing basic 5-10 minutes research on Python libraries, then using the OS package manager to dl or compile them is paranoid
Because pip is very powerful tool, which for example create all needed dependencies while installing some package. Without it, it's very likely that installed package can be working with some problems (exceptions, bugs, broken launches and etc).
Don't be angry on me, but for me it's look like i tell you: "here is hammer, you can use it to hammer in nails" And you asnwer: "No, thanks, i will better use my head!"
I do far more extreme things in the name of security
Not using smartphones? Because it's well known fact that many programs on it (like instagram) can record any information through smartphone's receiver. Without you even notice. I have interesting story by myself
Or not using Intel component parts, because it's well known that they implement backdoors in their hardware.
I hope you're lucky enough to avoid any malware with your "saner" approach. If I'm crazy, I'd prefer to stay that way if it means I can avoid malware theft of my BTC
Everything in the world have bad point, normal point and overkill. Your way - it's obvious overkill, on my modest view.