Posted by: Anonymous Coward
on February 16, 2007 04:44 PM
"I currently have 2,100 Debian packages installed. Every time I update my computer, the authors of every one of these packages get to run a shell script of their choice as root on my machine -- even the maintainers of documentation packages, or of packages I installed months ago and never ran again. Even if I trust the packagers to this extent, what about the risk that one of them has their machine compromised?"
And he goes on to remark that Ubuntu will install an unsigned .deb from the web without mentioning security at all. This is a security disaster waiting to happen. As soon as any GNU/Linux distro gets a significant share of the total desktop market, look out for the bad guys to start exploiting this. Steve Ballmer will have a field day pointing out that "Linux" is less secure than Windows. Of course Linux is pretty secure and GNU is pretty secure; but the packaging systems used by nearly all distros make the user bypass all security, so his message will be believed.
He makes a very good point
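The comment's point is that the maintainer scripts inside a .deb (preinst, postinst, prerm, postrm) run as root whether or not the package contains anything executable. The script below is an added example, not code from the comment or from dpkg: it parses the .deb container (an `ar` archive holding `debian-binary`, `control.tar.*` and `data.tar.*`) with the Python standard library and lists the maintainer scripts a package would hand to dpkg. The two sample packages, the `example-doc` name and the `nobody@example.invalid` maintainer are constructed here so the script runs offline.

```python
"""Inspect a .deb before installing it: list the maintainer scripts dpkg
would run as root.  Added example; standard library only, sample .deb
files are constructed below (hypothetical package 'example-doc')."""
import io
import tarfile
import time

AR_MAGIC = b"!<arch>\n"
# Scripts dpkg runs as root during install, upgrade and removal.
MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")


def _ar_member(name: str, data: bytes) -> bytes:
    """One member of a common-format 'ar' archive: 60-byte header, data, even pad."""
    hdr = (f"{name:<16}{int(time.time()):<12}{0:<6}{0:<6}{'100644':<8}"
           f"{len(data):<10}").encode() + b"`\n"
    return hdr + data + (b"\n" if len(data) % 2 else b"")


def _tar_gz(entries: dict) -> bytes:
    """Build a gzip'd tar from {path: bytes}; '#!' files get mode 0755."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, content in entries.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            info.mtime = 0
            info.mode = 0o755 if content.startswith(b"#!") else 0o644
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_deb(control: str, scripts: dict, data: dict) -> bytes:
    """Assemble a format-2.0 .deb: debian-binary, control.tar.gz, data.tar.gz."""
    ctrl = {"./control": control.encode()}
    ctrl.update({"./" + k: v for k, v in scripts.items()})
    return (AR_MAGIC
            + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", _tar_gz(ctrl))
            + _ar_member("data.tar.gz", _tar_gz({"./" + k: v for k, v in data.items()})))


def parse_ar(blob: bytes) -> dict:
    """Return {member name: bytes} for a common-format ar archive."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive (bad magic)")
    members, off = {}, len(AR_MAGIC)
    while off + 60 <= len(blob):
        hdr = blob[off:off + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header at offset %d" % off)
        name = hdr[0:16].decode("ascii").rstrip(" /")   # GNU ar may append '/'
        size = int(hdr[48:58].decode("ascii").strip())
        start = off + 60
        if start + size > len(blob):
            raise ValueError("truncated member %r" % name)
        members[name] = blob[start:start + size]
        off = start + size + (size % 2)                 # members are even-aligned
    return members


def maintainer_scripts(deb: bytes) -> dict:
    """Return {script name: text} for every maintainer script in the .deb."""
    members = parse_ar(deb)
    if members.get("debian-binary") != b"2.0\n":
        raise ValueError("not a format-2.0 deb")
    ctrl = next((v for k, v in members.items() if k.startswith("control.tar")), None)
    if ctrl is None:
        raise ValueError("control archive missing")
    found = {}
    with tarfile.open(fileobj=io.BytesIO(ctrl), mode="r:*") as tf:
        for m in tf.getmembers():
            base = m.name[2:] if m.name.startswith("./") else m.name
            if m.isfile() and base in MAINTAINER_SCRIPTS:
                found[base] = tf.extractfile(m).read().decode("utf-8", "replace")
    return found


# Constructed samples: a documentation-only package, and the same package
# with a postinst.  Nothing in the data archive hints that the second one
# will run code as root on every install and upgrade.
CONTROL = ("Package: example-doc\nVersion: 1.0\nArchitecture: all\n"
           "Maintainer: nobody <nobody@example.invalid>\n"
           "Description: constructed sample for inspection\n")
README = {"usr/share/doc/example-doc/README": b"hello\n"}
DOCS_ONLY = build_deb(CONTROL, {}, README)
DOCS_WITH_POSTINST = build_deb(
    CONTROL,
    {"postinst": b"#!/bin/sh\nset -e\n# runs as root on every install/upgrade\nexit 0\n"},
    README)

if __name__ == "__main__":
    for label, deb in (("docs-only", DOCS_ONLY), ("docs+postinst", DOCS_WITH_POSTINST)):
        scripts = maintainer_scripts(deb)
        print(f"{label}: {sorted(scripts) or 'no maintainer scripts'}")
        for name, text in scripts.items():
            print(f"--- {name} ---\n{text}")
```

Two caveats. First, for the "unsigned .deb from the web" case there is nothing to verify: the .deb format itself carries no signature, and apt's trust comes from the repository's signed Release file and the hashes it anchors, which a file fetched from a web page never passes through, so reading the control archive before running `dpkg -i` is the least one can do (`dpkg-deb -e pkg.deb` extracts the same control archive for manual review). Second, the script matches any `control.tar*` member and `tarfile` handles gzip and xz, but zstd-compressed members, as newer Ubuntu builds use, would need an extra decompressor.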