
Re: Protections against a mad maintainer?



> It just occurred to me that any evil intentioned or mad maintainer could add
> 	rm -rf /
> or anything of this sort in a postinst script.

Yes. Or hide stuff in the binaries. You need root permissions to install
stuff in /bin etc.

> I just would like to know what kind of protection debian could offer against
> such an unpleasant event. I am sure Bruce cannot afford to be very picky in the
> choice of maintainers (there are orphan packages crying for one).
> 
> This is the kind of argument against Debian being used at large in my
> institute, the result being that half man pages are missing, even if you have
> such a complete manpath as

This argument is not limited to Debian. It is as valid for any binaries
whatsoever, including those in commercial systems (how do you know that
your nice Commercial Unix (or DOS, or...) will not autodestruct on 
March 4, 1997?)

This is a matter of trust.

If you don't trust binaries, install only a minimal system, read the
source (every line of it), understand it, compile it and install it.

At least with free software, you have the source...
(as Joey puts it: "never trust an OS you don't have the sources for").

And with Debian, uploads are PGP-signed by their (known) maintainer, so
you can at least be reasonably sure from whom they're coming.

If I wanted to destroy systems, I'd upload some binaries to sunsite;
with "reasonable" precautions, it is very difficult or even impossible to
trace them back to me.

This kind of subject comes up very often on comp.security.{unix,misc}
and likely comp.risks too.

Ray
-- 
ART  A friend of mine in Tulsa, Okla., when I was about eleven years old. 
I'd be interested to hear from him. There are so many pseudos around taking 
his name in vain. 
- The Hipcrime Vocab by Chad C. Mulligan 


