On 7/24/2018 6:43 PM, Dan Ritter wrote:
On Tue, Jul 24, 2018 at 10:45:38AM -0500, Anil Duggirala wrote:
I am thinking about installing the Mega.nz app on my Debian Stretch
installation. They provide a .deb package. Is there anything I can do to ensure
this is a safe package? To know that this package will not create a security
vulnerability on my system? What is the minimum security procedure to follow
when installing third party provided .deb packages?
Do you trust the people who wrote it?
Do they provide the source?
Do they give you instructions on how to build the source into a
package?
Are you competent to read and understand the source?
What do you stand to lose if you place your trust in them and it
turns out that they were incompetent or evil?
Also verifying signature using gnupg and checksum is a must (sha512).
--
John Doe
