Downloaded .deb safe?

Stanislas Breton stanislas_breton at yahoo.co.uk
Mon Apr 14 11:13:05 BST 2008


On 4/13/08, Michael Leone <turgon at mike-leone.com> wrote:
> Martin Laberge wrote:
>
>> Unless you read all the source, understand it, and compile
>> it yourself, with a compiler that you trust (compiled by you)
>> it is absolutely impossible to be sure of the program
>> you install.
>>
>> BUT, no-one is able to read all the source code of all the
>> parts of all the programs that compose a system.
>>
>> You are left with the possibility to trust someone, and do not
>> trust others.
>>
>> At least in Linux you have this possibility, to randomly check a
>> couple of programs, if you wish. With other systems (Win, Mac, ...)
>> you do not have that possibility, and you are left with
>> trust (or distrust).
> Not exclusively; there are many open source programs for the Win
> platform, as well. OpenOffice, GIMP, all the GNU utilities are available
> for Windows (I know, I use them in my scripts, sometimes). So it's not
> *impossible*, but it is vastly harder.

Willy Hamra wrote:
> I find it impractical to read the source code of every program we get.
> I mean, let's just say I want OpenOffice, that is basically tons of
> source code to read!
> As mentioned earlier, signed packages from official repos can always
> be trusted,

Not if the server hosting the repositories has been compromised, as has
happened on at least two occasions to Debian:
http://www.debian.org/News/2003/20031202,
http://www.debian.org/News/2006/20060713.

> if the package comes from a third party, you can check
> forums; surely there is a group of people who like the program and are
> discussing it somewhere. If the program is getting some good
> testimonies, then it has probably been tested by some people. Usually
> instinct is a good thing in these decisions :P

---------------
A: Top-posting.
Q: What is the most annoying thing in e-mail?






