On Wed, January 9, 2008 1:25 pm, Aidan Gauland wrote: > Hello, > > I just downloaded the VirtualBox Debian package from the VirtualBox > website, and I looked inside the archive (using ar -x) and I found that > it installs quite a few files, and it has some post/pre install/remove > scripts which I can't quite make sense of. So I'm not entirely sure if > I can trust Innotek (or whoever made VirtuelBox) to not put something in > the package that would report back to their servers (spyware kind of > thing), or exploit the fact that I have to install the package as root, > and sneakily set something up for DRM purposes. Am I being paranoid? > Or am I right not to trust the package? I wouldn't worry about it if I > got the package from the Debian project. > > -Aidan > >
You are right to be sceptical, but in the end perhaps overly paranoid. I expect that more suspicious minds than you have looked it over and reported to /. Most packages have pre and post install scripts. If you have a specific concern, post the script here for someone more knowledgable to decipher. Of course you can't know what is inside a compiled binary, there may be a phone home inside the binary. Perhaps in the first instance install it on a throw away machine like a virtual machine running in vmware or similar. -- Nick Rout
