On May 30, 2014, at 2:41 PM, W. Martin Borgert wrote:
Quoting Jeremie Marguerie jere...@marguerie.org:
Thanks for bringing that issue! I feel the same way when I install a
packet from a non-official PPA.
Unfortunately, every package can do anything: pre-inst, post-inst,
pre-rm, post-rm
Hans-Christoph Steiner wrote:
This could be approached another way. There could be scripts in the
packaging tools that mark a package if it does not run anything in any
of the scripts that does not come from the packaging tools. I think
many many packages would qualify here, most packages do
Quoting Jeremie Marguerie jere...@marguerie.org:
Thanks for bringing that issue! I feel the same way when I install a
packet from a non-official PPA.
Unfortunately, every package can do anything: pre-inst, post-inst,
pre-rm, post-rm run as root. If you don't trust a PPA the same way
you trust
On Sat, May 31, 2014 at 2:41 AM, W. Martin Borgert wrote:
in a VM or a container (not sure, whether a docker container is
considered safe enough, but chroot is not sufficient).
One of the Debian Linux kernel package maintainers doesn't consider
containers to be secure enough to rely solely on
4 matches
Mail list logo
