Aniruddha wrote: > On Tue, 2008-08-12 at 14:41 -0400, Hubert Chathi wrote: >>> No, they can't. Not without your expressed consent... >> [...] >> >> They can't, if they just use the normal Debian archive contents. >> However, packages can do all sorts of things via installation scripts. >> >> Then again, the package could hide all sorts of things. (Think: >> trojaned binary.) If you don't trust your package source, you shouldn't >> install their packages. > > I'm not worried about a malicious packages. I am more concerned that a > 3rd party deb damages the system by mistake. > > By default I install all 3rd party binary and source packages in a > ~/programs folder. That way I don't have to worry about fubaring my > system. > > I like to do something like that for deb packages too. Who knows a good > solution? > > If 3rd party deb doesn't contain 'Replaces' field, dpkg will refuse any try to break any file owned by existing packages.
-- Eugene V. Lyubimkin aka JackYF, Ukrainian C++ developer.
signature.asc
Description: OpenPGP digital signature
