[Gllug] Linux Conf GUI

home at alexhudson.com
Thu Jul 19 13:54:53 UTC 2001


On Thu, Jul 19, 2001 at 11:36:31AM +0100, tet at accucard.com wrote:
> risk as this is just broken beyond belief. You're downloading a random
> script from the internet, and piping it directly into a root shell?

How is that different from downloading random .debs from the internet, and
installing them?

> If anyone ever hijacks the go-gome.com domain, you're in a whole world
> of hurt...

Same for ftp.debian.org, ftp.apache.org, ftp.linux*.*, ftp.gnu.org. 

Users don't audit stuff they install, aren't going to, and shouldn't be
expected to. You can trust the source from which you're getting the
packages, and verify that you are getting them from who you think you are
getting them from, and verify they haven't been tampered with. You can't
verify they are secure, ever. 

Cheers,

Alex.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug