Re: Bug#405997: should executables be permitted to update themselves?
On Sun, 14 Jan 2007 19:51:22 -0000, Michael Gilbert <michael.s.gilbert@gmail.com> said:
> On Jan 14, 1:10 pm, "Shaun Jackman" wrote:
>> On a stable Debian system, system-wide upgrades can be far
>> between. I prefer to give the user a choice of whether to use the
>> update system provided by the upstream author to update the
>> software before the next stable release of Debian.
> like i said originally, my primary concern is security (although
> dfsg-ness and the issues described by others in this thread are
> quite important as well). allowing azureus to go out and get its
> own executable subjects the user to potentially malicious code that
> otherwise would not be there.
Why doe4s that not apply to iceweasel and gcc?
If azereus is going out and adding things to the users home
dir without the users knowledge, that would be one thing. But in this
case the users has initiated the action -- and trying to save the
user from themselves is not only a lost cause, it is wrong headed:
we do not remove the -rf options from rm; and nor should we dumb down
application so users may not do dangerous things if they so desire.
manoj
--
UH-OH!! We're out of AUTOMOBILE PARTS and RUBBER GOODS!
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: