Hans-Christoph Steiner wrote:
> This could be approached another way. There could be scripts in the
> packaging tools that mark a package if it does not run anything in any
> of the scripts that does not come from the packaging tools. I think
> many many packages would qualify here, most packages
On May 30, 2014, at 2:41 PM, W. Martin Borgert wrote:
> Quoting Jeremie Marguerie :
>> Thanks for bringing that issue! I feel the same way when I install a
>> packet from a non-official PPA.
>
> Unfortunately, every package can do anything: pre-inst, post-inst,
> pre-rm, post-rm run as root. If
On Sat, May 31, 2014 at 2:41 AM, W. Martin Borgert wrote:
> in a VM or a container (not sure, whether a docker container is
> considered safe enough, but chroot is not sufficient).
One of the Debian Linux kernel package maintainers doesn't consider
containers to be secure enough to rely solely on
Quoting Jeremie Marguerie :
Thanks for bringing that issue! I feel the same way when I install a
packet from a non-official PPA.
Unfortunately, every package can do anything: pre-inst, post-inst,
pre-rm, post-rm run as root. If you don't trust a PPA the same way
you trust your OS vendor (Debian
4 matches
Mail list logo
