By upgrading Raspbian, a Microsoft apt repo will be installed without asking or warning

… but not in zynthianOS, my friends!! And i’m really angry about this!!

I just blocked the package that installs the MS repo, but if you upgraded (apt upgrade) on the last days, you could have the repo already installed on your zynthian. In such a case, i strongly recommend you to remove it ASAP.

I would like to say to the people on RBPi foundation that allowed this to happen that THIS IS NOT OK AT ALL!!. It’s a BIG error and worst, a BIG disrespect. You can’t add a repository from a 3rd party (including the GPG key!) without asking. May be you trust MS, but you don’t have the right to decide for your users. You MUST warn and ask before doing such a thing. By doing so you are allowing MS to update any package on the system, replacing it by a MS version. Probably they wont do that, but they could potentially do it. By doing such a move, RBPi foundation is loosing my confidence because they don’t show respect by users. I hope they rectify ASAP.

Regards,

I agree, definitely a huge miss-step from the Raspberry Pi foundation.

On a related note, it might be worth noting that, as far as I understand, Raspberry Pi’s aren’t truly open anyway. They depend on (or at least used - Blob-less Raspberry Pi Linux Is A Step Closer | Hackaday ) a closed source bootloader blob.

I haven’t looked into it recently, and certainly not since the Pi 4, but although there was progress being made on an opensource bootloader, it required extra work on the part of the user, and was still very buggy.

A different issue to the Microsoft repository tho. Among other things, this reminds me of U2 and iTunes. Clumsy at very best.

Funnily enough I m trying to get Visual Studio Code debug components included in legitimate repos for ease of development, but Agreed it’s not an open source thing to do…
I suspect there’s been a bit of of pro rata mutual benefit at work here…

I have actually started using Visual Code Studio for developing Zynthian. I did install it on my Zynthian and used it with X-forwarding but have since found it easier to use the ssh plugin to edit code from my laptop. I haven’t read the full story but happy to see closed source / proprietary software available for Linux. I appreciate that this should be a user driven experience but there are many users who don’t understand technology much and just want it to work. (Maybe less so for users of VS Code!) For those users I can see that providers may want to make it easy to obtain the software they want. If I find time I will read the full story and better understand people’s concerns.

BTW I think Zynthian should be its own (flavour of) disto with its own repositories so that we can benefit from upstream Debian without it breaking our system if we update. This would mean marking some packages to use our repos - I haven’t looked into it much but it feels like the right thing to do.

i hadn’t quite gotten around to it yet, but I also want to use visual code studio on my zynthian. I use it on my pc to program Arduino’s, Teensy, ESP32’s and Esp8266’s and more recently, i have been looking at blackpill and obviously pi pico. Trying to build for different platforms is really hard with the arduino editor, but visual code studio and platform io can be configured to use the platfom settings in the individual projects. As I will be having various of these devices plugged into my zynthian via usb, it seems only logical to update using the pi.

I must stress, Visual Code Studio is actually a very nice environment. Sorry, I will be switching it back on for my zynthian.

Nothing wrong with VSCode, or using it, on your Zynthian or otherwise. I find myself using it more and more these days too. (Tho with vim emulation)

People are objecting not because VS Code is available on the Pi, which has been possible for some time, nor that there are available repositories, but because they have been enabled by default on millions of Raspberry Pi’s. This would be the first time my sources.list has been modified without my explicit instruction before.

It’s more than just licensing concerns, and more than just revealing a great deal of user data to Microsoft too, it is adding a pre-authorised third party repository that can install updates on your system without your consent.

Third party repositories are easy to add, and if they wanted to could easily turn the Microsoft repositories into a simple toggle somewhere in raspi-config or the GUI, but instead they decided to do it this way. Very poor form.

A Youtube Opinion Video on the subject and a few lines to remove Vs Code

PlatformIO IDE embraced by a number of microprocessor coders, is a Ukraine developed, there were suggestions that nm1.platformio.org is located in Russia,? (the team says platformio*org is hosted in Germany) could have more serious privacy threats than Microsoft.