PPA security (was: Debian mirrors and MITM)
Quoting Jeremie Marguerie <firstname.lastname@example.org>:
Thanks for bringing up that issue! I feel the same way when I install a
package from a non-official PPA.
Unfortunately, every package can do anything: pre-inst, post-inst,
pre-rm and post-rm run as root. If you don't trust a PPA the same way
you trust your OS vendor (Debian, Ubuntu or whoever), install only
in a VM or a container (not sure whether a docker container is
considered safe enough, but a chroot is not sufficient).
Alternatively, download the package, unpack it, remove the maintainer
scripts or check them carefully, check for s-bits on binaries etc.,
repack it and install. I'm probably missing more checks here.
While it would be nice to have something like "less trusted sources" and
allow their packages only certain kinds of install/de-install
operations (i.e. no maintainer scripts) etc., it's hard to get
right and a broken solution would put users at risk.
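The "unpack and inspect before installing" step from the reply above, as an added example that is not part of the original post: a small Python inspector that parses the .deb ar container itself, then lists the maintainer scripts in control.tar and any setuid/setgid files in data.tar, so the package is never handed to dpkg. The "demo" package it checks is constructed inline and is hypothetical; the parser assumes gzip/bzip2/xz tarballs, which Python's tarfile auto-detects.

```python
import io
import tarfile

MAINT_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}  # dpkg runs these as root

def ar_members(blob: bytes):
    """Yield (name, data) for every member of an ar(1) archive (the .deb container)."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]                      # fixed 60-byte member header
        name = hdr[0:16].decode().strip().rstrip("/")
        size = int(hdr[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)                 # members are 2-byte aligned
def inspect_deb(blob: bytes) -> dict:
    """Report maintainer scripts and setuid/setgid files without installing anything."""
    found = {"maintainer_scripts": [], "setuid_setgid": []}
    for name, data in ar_members(blob):
        if name.startswith(("control.tar", "data.tar")):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:  # gz/bz2/xz
                for m in tar.getmembers():
                    if name.startswith("control") and m.name.lstrip("./") in MAINT_SCRIPTS:
                        found["maintainer_scripts"].append(m.name.lstrip("./"))
                    elif name.startswith("data") and m.mode & 0o6000:
                        found["setuid_setgid"].append((m.name, oct(m.mode)))
    return found
# --- constructed sample package (hypothetical "demo" package, not a real PPA artefact) ---
def _tar(entries):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content, mode in entries:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(content), mode
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()
def _ar(members):
    out = b"!<arch>\n"
    for name, data in members:
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
        out += data + (b"\n" if len(data) % 2 else b"")   # pad odd-sized members
    return out
def sample_deb() -> bytes:
    control = _tar([("./control", b"Package: demo\nVersion: 1\nArchitecture: all\n", 0o644),
                    ("./postinst", b"#!/bin/sh\necho configured\n", 0o755)])
    data = _tar([("./usr/bin/demo", b"#!/bin/sh\necho hi\n", 0o4755)])  # setuid bit set
    return _ar([("debian-binary", b"2.0\n"), ("control.tar.gz", control), ("data.tar.gz", data)])
```

Running `inspect_deb(open("pkg.deb", "rb").read())` on a downloaded package reports which scripts to review and which binaries carry s-bits before deciding whether to strip them and repack.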