by jraph
1013 days ago
> packages are cryptographically signed

Packages are cryptographically signed by the packager; by the way, on Debian you add the key when you install a new repository. The signature tells you "This package has been built by X and has not been tampered with in the meantime", not "X and this package are not malicious, I promise".

> you have the option to abort the install of an untrusted package before it does something malicious

How do you do this in practice? If I run apt install p or dpkg -i p.deb, the thing is installed. APT asks you for confirmation if it has to install additional dependencies but that's it. I don't have any guarantee such as "for any package, I can install it without worrying that something bad will happen during its installation". Of course you should not install untrusted packages, but still.

The same could not be said if the package format didn't have anything to specify arbitrary install scripts.