I'm concerned about this bit in particular[1]: wget "$keyring_url" -O /tmp/cuda-keyring.deb dpkg -i /tmp/cuda-keyring.deb rm /tmp/cuda-keyring.deb
That's a classic predictable-name-in-tmp security issue. 1. https://git.launchpad.net/ubuntu/+source/add-nvidia-repositories/tree/add-nvidia-repositories#n112 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2089830 Title: [SRU] Make add-nvidia-repositories available in jammy and noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/add-nvidia-repositories/+bug/2089830/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
