Hacker News | bill_mcgonigle's comments

Well if you wanted to compromise F-Droid you could target their build server's ME or a cloud vm's hypervisor.

To do a supply-chain attack on Google's SDK would be much more expensive and less likely to succeed. Google isn't going to be the attacker.

The recent attack on AMI/Gigabyte's ME shows how a zero-day can bootkit a UEFI server quite easily.

There are newer Coreboot boards than Opteron, though. Some embedded-oriented BIOS'es let you fuse out the ME. You are warned this is permanent and irreversible.

F-Droid likely has upgrade options even in the all-open scenario.


People today take the WIMP interface for granted and forget about the pioneers who invented it.

It's really sad to see desktop apps adopt hamburger menus and things that make sense on mobile but make life harder on a desktop built for WIMP.

Thank you, Bill! Some days I'd rather be using your interface.


What a nice writeup! Just curious - what kind of wire do you use to solder on the pins - enameled?

I wonder if they offer their customers source to keep the Busybox folks happy?


Yes, 0.1 mm diameter enameled copper wire. Chasing GPL violations sounds like a fun hobby :)


I think US-based SFLC has budgets if you request it to enforce the GPL.

Pre-OpenWRT days I maintained a Linux distro ISL3893 that ended up in court in Germany, the first GPL enforcement:

http://isl3893.wikidot.com/

"17 apr 2004 — GPL testing in court by the Netfilter/Iptables team, due to refuse to give source code of the Sitecom WL-122 (isl3893 based!). In the same time, some source code has appeared on the webserver of Sitecom."


I was a kid in the 80's and would regularly see $5 interest credits on my meager savings, free ATM, free phone banking (don't laugh) and they even set it up for me that if I went below $20 in my checking the system would pull $50 from my savings. 1986 or so - overdraft fees hadn't been invented. After the dot-boom/bust The Fed "aggressively pursued ZIRP (zero interest rate) policies". Mortgages got much cheaper but fees replaced the interest income. Somebody is paying either way. It used to be the loan holders. I even remember my local bank having a stack of a hundred toaster ovens to give to anybody who opened an account. They wanted your business so you would do your loans with them. I quite preferred that America though it might be possible to argue that getting nickel-and-dimed everywhere is overall cheaper. But that was at the height of Americans' real purchasing power from wages and I'm disappointed that my kids had to grow up in the opposite environment. Maybe this will change before they will be shopping for a home. I read recently that real wages (purchasing power) were actually higher during the Great Depression. Soaring highs on the Dow don't matter much to people when all the productivity gains during that period have been transferred to financialized everything to make that NGU. The system needs to be stable for us to all benefit. "The Gini Coefficient is too damn high" as they say.


I agree. But I think we’re stuck with this until a chaotic event happens. It’s really hard to untie some knots through reforms.


Check out your DNS stats too. Mine are up 500% YoY for no human reason.


Others, note that the new archive name is 'stable-security'. You might need to update your pins if you upgraded from Buster and you're not seeing the update now. I put in a pull request to add it to the release notes.


Thank you for not selling this to the "industry"!


Who says closed source doesn't have benefits?


WaPo called out NYT for fake news twice yesterday. This supports your argument - they both can't be right! They both can be wrong, of course.


You don't have to be faster than the bear, just faster than the other camper. Assuming the bear is just hungry, that is; if you messed with her cubs, she's coming for you specifically.

These are, of course, opportunistic targets and specific targets. Moving the ssh port helps with the former, but not the latter.

There is some economic cost with portscanning everything, but the bigger impact is that if you moved your ssh port you're more likely to also have turned off password auth and more likely to be running fail2ban and more likely to be running an IDS. Spammers don't want to deal with you making their livelihood more difficult. Poor spammers.

People who see brute force attacks chasing their port moves are probably specific targets. Ears up.

