On Thu, Apr 26, 2001 at 11:13:46AM +0100, Paul J Collins came forth with:
> >>>>> "JW" == Jerry Walsh <jerry at aardvark.ie> writes:
> JW> there's no actual way of authenticating that the code hasn't
> JW> been tampered with, there's no way of telling its the real
>> The same goes for the packages you download.
but that's not true in the case of debian, and kind of for an rpm based system
with pgp keys setup correctly...
> While I'm not fan of running random shell code as root, I stopped
> foaming about this case once I realised that the packages you install
> are the equivalent; they all have the ability to run code as root.
> You are no more exposed by running the go-gnome.sh than you are by
> installing the packages.
You're trusting ximian with the packages (Which I don't do anyway, because
I use unstable (don't even try to install ximian on unstable, everything
goes very strange with version numbers)) but trusting them with
shell code is even more fun...
L.
--
Liam Bedford | Four thousand holes in Blackburn, Lancashire
Software Engineer | And though the holes were rather small
WBT Systems, Block 2, | They had to count them all
Harcourt Centre, Harcourt St. | Now they know how many holes it takes to fill
01-4170100 | The Albert Hall
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
