Hello, Christian Boltz schrieb:
Am Sonntag, 14. August 2005 10:54 schrieb Sören Wengerowsky:
I don't know, if that's possible to perform, but i think, we should think about something like that...
For installation-time issues, rpm -qp --scripts foobar.rpm should help.
Yes.. but can you check scripts with apt, too? I think, apt works more or less automatically, so that you have no real chance to check them. A solution might be to download the packages via apt, and then check them.
If you doubt a program has a run-time backdoor, check the sources.
Maybe the installation-time scripts can be checked more or less automatically - but the programs can't IMHO because they are too complex.
Yes.. checking this might be impossible. But i think, the script kiddies who only want to damage systems will be not that inventive, and might only add a rm -rf / or so to a script. greets Soeren