On Tue, Sep 25, 2018 at 07:04:18PM +0200, Enrico Weigelt, metux IT consult wrote: > Operator's workaround: > [..] > c) use apt pinning to restrict the Microsoft repo to only the > package 'skypeforlinux'
Please note that the Debian package pre/post inst/rm scripts run with full root privileges without any constraints on what they can do. If your threat model includes either a disclosure of Microsoft's APT repository signing key or malicious use of this key by Microsoft then this workaround does not address these threats. Thanks
signature.asc
Description: PGP signature
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
