On Thu Sep 17, 2009 at 21:26:38 +0200, Christoph Anton Mitterer wrote:

> CURRENT SITUATION:
> One can differ between three classes of packages:
> 0) Packages who do not download anything from the web.
>
> 1) Packages which download stuff but this is just normal data like
> pidgin, firefox (I mean html here, not plugins), wget,..
>
> 2) Package installation already downloads something and installs this
> e.g. some font packages (msttcorefonts) or documentations (susv2/3) do
> this.
>
> 3) The package provides automatic update scripts (like here), where
> content that in principle belongs to the package is replaced/updated.
> Many packages do this (clamav-freshclam, rkhunter, tiger, some packages
> for firmwares)

I'd add:

4) The package downloads insecure code and directly executes it.

For an example of this see #451303 - which is fixed - but a perfect
example.

Steve