Downloaded .deb safe?
Stanislas Breton
stanislas_breton at yahoo.co.uk
Sat Apr 12 21:07:59 UTC 2008
Donn wrote:
>> practice and inspect the source code. If you're unable to inspect the
>> source code, or don't consider yourself technically competent to inspect
>> the source code for possible malware content, then don't install it.
>>
>
> But the deb is a compiled file and may have been made malicious by changing
> the code before producing the deb. It's a real conundrum that can only be
> solved by trust and that means using trusted repos or compiling the source
> manually.
>
> \d
Well, quite. The only relatively sure means of installing a safe package
is to either inspect and compile the source code yourself, or have it
audited for vulnerabilities by someone with a hell of a lot to lose ;)
Where this leaves Ubuntu's support for "Restricted Drivers" or the
contents of Canonical's commercial repository is an interesting question!
More information about the kubuntu-users mailing list