Comment by IshKebab
6 days ago
Downloading and installing a `.deb` or `.rpm` is going to be no more secure. They can run arbitrary scripts too.
Downloading a deb via a package manager is more secure. Downloading a deb, comparing the hash (or at least noting down the hash) would also already be more secure.
But yes, that they run arbitrary scripts is also a known issue, but this is not the main point as most code you download will be run at some point (and ideally this needs sandboxing of applications to fix).
> Downloading a deb via a package manager is more secure.
Not what I meant. Getting software into 5 different distros and waiting years for it to be available to users is not really viable for most software authors.
I think it would be quite viable if there is any willingness to work with the distributions in the interest of security.