[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages that download/install unsecured files

On Thu Sep 17, 2009 at 21:26:38 +0200, Christoph Anton Mitterer wrote:

> One can differ between three classes of packages:
> 0) Packages who do not download anything from the web.
> 1) Packages which download stuff but this is just normal data like
> pidgin, firefox (I mean html here, not plugins), wget,..
> 2) Package installation already downloads something and installs this
> e.g. some font packages (msttcorefonts) or documentations (susv2/3) do
> this.
> 3) The package provides automatic update scripts (like here), where
> content that in principle belongs to the package is replaced/updated.
> Many packages do this (clamav-freshclam, rkhunter, tiger, some packages
> for firmwares)

  I'd add :

  4) The package downloads insecure code and directly executes it.

  For an example of this see #451303 - which is fixed - but a perfect


Reply to: