Pascal Bleser wrote:
Yes, somehow. That's why we need good packagers, a web of trust, and that's also why packages are digitally signed.
Sure, it could. And you can't really change that, as you would have to strongly restrict RPM's flexibility. Some RPMs also automatically create required user accounts, etc etc...
In the end, it is executing code as root. And that can punch quite a big hole in your system. But on the other hand, it's also much required to work properly.
I don't really see a technical approach to avoid this.
Hi Pascal, Thanks to your answers. So you point out the "web of trust", and that there is no technical approach to this. It's within the inherent structure of rpms, etc. I wish we can have the web of trust you mention, and that new users have clearly in mind what rpms can do. OK, i didn't know. But spreading the word and learning might be the best approch to remain safe, under a certain degree. Cheers, Patrick M