‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On July 24, 2018 9:43 AM, Dan Ritter <d...@randomstring.org> wrote:
> On Tue, Jul 24, 2018 at 10:45:38AM -0500, Anil Duggirala wrote: > > > I am thinking about installing the Mega.nz app on my Debian Stretch > > installation. They provide a .deb package. Is there anything I can do to > > ensure this is a safe package? To know that this package will not create a > > security vulnerability on my system? What is the minimum security procedure > > to follow when installing third party provided .deb packages? > > Do you trust the people who wrote it? > > Do they provide the source? > > Do they give you instructions on how to build the source into a > package? > > Are you competent to read and understand the source? > > What do you stand to lose if you place your trust in them and it > turns out that they were incompetent or evil? > > -dsr- In addition to this, be sure not to break Debian: https://wiki.debian.org/DontBreakDebian https://wiki.debian.org/DebianSoftware#Footnotes Personally, I have a low degree of trust for Mega.nz, so caveat emptor.