[wiki] Third party untrusted code instructions

Robie Basak robie.basak at ubuntu.com
Tue Nov 20 15:30:26 UTC 2018


Hi,

I just came across
https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessPrepareInstall
via
https://community.ubuntu.com/t/can-we-get-real-full-disk-encryption/8802

I'm concerned that this page instructs users to download and run a
script from Dropbox. It looks well intended, but I think it presents a
number of problems:

1) The code hasn't been vetted by a developer trusted by the Ubuntu
project, unlike all code shipped by Ubuntu itself.

2) Has anybody at all vetted that the code is safe for users to run?

3) A compromise of the unknown Dropbox user's account could lead to
a compromise of any user's system who follows these instructions after
that compromise.

4) More generally, the code could change at any time, out of control of
the Ubuntu project, without any audit trail, and immediately invalidate
any previous audit made by community members.

5) It normalises the idea that it is OK for users to download and run
arbitrary scripts from the Internet.

It is effectively a third party alternate installer. I welcome efforts
like these, but I don't think they should be presented as "instructions"
or "documentation" without making it clear that the user is relying on
the trust of an entire third party program. Arguably this is what
"Community wiki" implies, but normally I'd expect this to comprise
documentation, not entire third party programs.

I couldn't find any existing policy on the wiki documentation containing
guidance on this kind of thing. What is and isn't acceptable for the
community wiki to instruct users to do?

Thanks,

Robie

