[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: third-party packages adding apt sources



On 21/05/2016 8:03 AM, Hakan Peker wrote:
> You looking for a technical solution to a social problem. sources.list
> exist for the very purpose that repositories can be added to the system.
> A system where this facility don't exist or restricted is a form of
> walled garden.
> 
> Adding an update repository for the very same package the user has
> deliberately installed is a *convenience*. It is disrespectful of admin
> modification only if the program keeps reverting the admin modification
> and doesn't provide an option to disable this behavior. At that point
> you would be better contacting upstream that you are not comfortable
> with the behavior and you want such an option to disable the repository.

The fact that a deb can run arbitrary code, then it MUST be trusted and
there are limits to how much trust I can give to outside third parties;
it is too great a risk as far as I am concerned.

Cheers
A.

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: