Re: .deb packages and security

To: debian-user@lists.debian.org
Subject: Re: .deb packages and security
From: Dan Purgert <dan@djph.net>
Date: Mon, 4 Jun 2018 13:09:18 -0000 (UTC)
Message-id: <[🔎] slrnphaefu.3q1.dan@xps-linux.djph.net>
References: <[🔎] 1528114834.3988673.1395602768.5C7541E9@webmail.messagingengine.com>

Anil Duggirala wrote:
> hello,
> I know installing .deb packages downloaded from websites is not a good
> practice in terms of software management in Debian. I would like to
> know if I should have security concerns when installing a .deb package
> "manually" (using gdebi for example) ?

Do you trust the provider of the *deb package?  If so, you should be
fine.  If you want to take it a step farther, see if there's a (sha256)
checksum for the package.

> Is it possible that by downloading the skype .deb package and
> installing it, I am creating a security vulnerability in a Debian
> system?

Well, Skype is a Microsoft product ... :)


-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Reply to:

Follow-Ups:
- Re: .deb packages and security
  - From: john doe <johndoe65534@mail.com>

References:
- .deb packages and security
  - From: Anil Duggirala <anilduggirala@fastmail.fm>

Prev by Date: Re: What's the difference between the dialout and tty groups?
Next by Date: Re: Not power off after shutdown in Jessie
Previous by thread: Re: .deb packages and security
Next by thread: Re: .deb packages and security
Index(es):
- Date
- Thread