
Re: Packages that download/install unsecured files



On Thu Sep 17, 2009 at 21:26:38 +0200, Christoph Anton Mitterer wrote:

> CURRENT SITUATION:
> One can distinguish between three classes of packages:
> 0) Packages which do not download anything from the web.
>
> 1) Packages which download stuff, but this is just normal data, like
> pidgin, firefox (I mean html here, not plugins), wget, ...
>
> 2) Package installation already downloads something and installs it,
> e.g. some font packages (msttcorefonts) or documentation (susv2/3) do
> this.
>
> 3) The package provides automatic update scripts (like here), where
> content that in principle belongs to the package is replaced/updated.
> Many packages do this (clamav-freshclam, rkhunter, tiger, some packages
> for firmware).

  I'd add:

  4) The package downloads insecure code and directly executes it.

  For an example of this see #451303 - which is fixed - but a perfect
  example.

Steve
--