Downloaded .deb safe?

Stanislas Breton stanislas_breton at
Sat Apr 12 21:07:59 UTC 2008

Donn wrote:
>> practice and inspect the source code. If you're unable to inspect the
>> source code, or don't consider yourself technically competent to inspect
>> the source code for possible malware content, then don't install it.
> But the deb is a compiled file and may have been made malicious by changing 
> the code before producing the deb. It's a real conundrum that can only be 
> solved by trust and that means using trusted repos or compiling the source 
> manually.
> \d

Well, quite. The only relatively sure means of installing a safe package
is to either inspect and compile the source code yourself, or have it
audited for vulnerabilities by someone with a hell of a lot to lose ;)

Where this leaves Ubuntu's support for "Restricted Drivers" or the
contents of Canonical's commercial repository is an interesting question!

More information about the kubuntu-users mailing list