Re: What is the best way to manage 3rd party debs?

To: Aniruddha <mailing_list@orange.nl>
Cc: debian-user@lists.debian.org
Subject: Re: What is the best way to manage 3rd party debs?
From: Osamu Aoki <osamu@debian.org>
Date: Tue, 26 Aug 2008 00:38:53 +0900
Message-id: <[🔎] 20080825153853.GB4452@osamu.debian.net>
Mail-followup-to: Aniruddha <mailing_list@orange.nl>, debian-user@lists.debian.org
In-reply-to: <[🔎] 1218611521.3862.12.camel@Desktop>
References: <[🔎] 1218573734.31955.8.camel@Desktop> <[🔎] 20080812210431.GB12360@lapse.rw.madduck.net> <[🔎] 1218580261.31955.28.camel@Desktop> <[🔎] 20080812223921.GA15521@lapse.rw.madduck.net> <[🔎] 1218581909.4070.6.camel@Desktop> <[🔎] 20080812230532.GA16481@lapse.rw.madduck.net> <[🔎] 1218583439.3942.5.camel@Desktop> <[🔎] 20080812234449.GA17298@lapse.rw.madduck.net> <[🔎] 20080813002540.GA4036@kodama.kitenet.net> <[🔎] 1218611521.3862.12.camel@Desktop>

On Wed, Aug 13, 2008 at 09:12:01AM +0200, Aniruddha wrote:
> On Tue, 2008-08-12 at 20:25 -0400, Joey Hess wrote:
> > martin f krafft wrote:
> > If these examples didn't make sense to someone, don't install third party
> > packages from untrusted sources, no matter how much checking you do..
> > 
> I'm not worried about purposeful malicious intent (otherwise I would
> just use a chroot). I want to prevent an accidentally badly build deb
> from wrecking my system. 

So far, badly created {post|pre}{inst|rm} has been the source of trouble
in this respect for me with Debian unstable itself from this respect.

Non-Debian package's quality check in this respect can be done
relatively simply by using mc to look into binary package.  But you
never know what does the binary files do when executed unless you check
the source.

If you feel its needs to be inspected, I think it is time to rebuild it
by yourself and run lintian etc. to test its compliance to Debian policy.

Regards,

Osamu

PS: Please remember that installing package created by someone is giving
packager a full root authority of your machine.

Reply to:

References:
- Re: What is the best way to manage 3rd party debs?
  - From: Aniruddha <mailing_list@orange.nl>
- Re: What is the best way to manage 3rd party debs?
  - From: martin f krafft <madduck@debian.org>
- Re: What is the best way to manage 3rd party debs?
  - From: Aniruddha <mailing_list@orange.nl>
- Re: What is the best way to manage 3rd party debs?
  - From: martin f krafft <madduck@debian.org>
- Re: What is the best way to manage 3rd party debs?
  - From: Aniruddha <mailing_list@orange.nl>
- Re: What is the best way to manage 3rd party debs?
  - From: martin f krafft <madduck@debian.org>
- Re: What is the best way to manage 3rd party debs?
  - From: Aniruddha <mailing_list@orange.nl>
- Re: What is the best way to manage 3rd party debs?
  - From: martin f krafft <madduck@debian.org>
- Re: What is the best way to manage 3rd party debs?
  - From: Joey Hess <joeyh@debian.org>
- Re: What is the best way to manage 3rd party debs?
  - From: Aniruddha <mailing_list@orange.nl>

Prev by Date: Re: how to try OOo's 3.0 beta deb on Debian?
Next by Date: Re: What is the best way to manage 3rd party debs?
Previous by thread: Re: What is the best way to manage 3rd party debs?
Next by thread: Re: What is the best way to manage 3rd party debs?
Index(es):
- Date
- Thread