Re: third-party packages adding apt sources
Daniel Pocock <firstname.lastname@example.org> writes:
> Another thing comes to mind: making sure that even if the user
> explicitly allows some other repository, they are protected from package
> updates that come along and replace other things like apt itself, libc,
> bash, gnupg, ...
While this would be nice to prevent accidents, it's not clear that you can
really establish any security guarantees. You can protect against some
very obvious things, such as wholesale replacing core packages, but
postinst scripts still run as root and can do anything they want. So you
don't get any real security benefit here that I can see.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>