Hans-Christoph Steiner <h...@at.or.at> writes: > Third party package repositories are a thing, like Ubuntu PPAs, aptly, > JFrog Debian Repositories, etc. Unfortunately, due to Debian Apt's > design, that means giving root access to each repository (package > pre-install/remove/etc scripts are run as root).
I don't think it is related to APT, but rather it is a risk that is very common to packages like deb, rpm or similar that can run arbitrary code as root.
