Actual question. Isn’t installing stuff from third party repos like super dangerous? The package scripts run with root access, right?
So, I guess you could tell if the hash of the package matches the hash of the code after you build it… But, what about upgrades on that package after it is installed? They could change the setup scripts and screw a lot of people right?
Not saying these guys do it, just wondering about security stuff.
“Science isn’t about WHY. It’s about WHY NOT. Why is so much of our science dangerous? Why not marry safe science if you love it so much. In fact, why not invent a special safety door that won’t hit you on the butt on the way out, because you are fired.” — Cave Johnson (Portal 2)
Removed by mod
It’a surprisingly detailed installation description 🤔
Joke project gets bonsai treatment, production gets one comment in docker compose.
Dev of joke project is having fun, dev of production software is not gonna do extra work they don’t have to
Yes, finally Linux gets a Bonzi Buddy release.
Actual question. Isn’t installing stuff from third party repos like super dangerous? The package scripts run with root access, right?
So, I guess you could tell if the hash of the package matches the hash of the code after you build it… But, what about upgrades on that package after it is installed? They could change the setup scripts and screw a lot of people right?
Not saying these guys do it, just wondering about security stuff.
quote stolen directly from the repo:
Lol
ideally package build scripts should be checked each update (although i am personally too lazy to)
Ain’t nobody got time for that 🎶