Another idea would be to review and then hash scripts now and then - for example at times of major releases. Doesn't necessarily have to be the script author who does this. Recipes would keep the most recent scrutinized version available for download. An official recipe installer would then ensure that the scripts in the "last scrutinized release" hash correctly. That might protect a significant number of people who would choose to be safe. The fewer who might download a virus, the less of a target the scripts would be. One downside to this approach is that it would retard adoption of the last version of scripts. But you'd have to compare that to the chilling consequences that the discovery of a virus would have on the adoption rate.
I wonder how other projects handle this problem. Maybe Pmwiki has it because it's so oriented to customization. Randy On Sep 22, 2008, at 2:49 AM, Hans wrote: > Monday, September 22, 2008, 12:15:22 AM, Neil Herber (nospam) wrote: > >> I suppose authors could post an MD5 hash of the cookbook item, > > ... I would not like this extra work. _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
