Email or username:

Password:

Forgot your password?
Top-level
Akseli :quake_verified:​ :kde:

@marcan im mostly worried about a bug in the shell script that deletes stuff when running. No need to be malicious even.

4 comments
Hector Martin

@aks Bugs are a possibility with any and all software. This is completely tangential to the delivery mechanism.

Akseli :quake_verified:​ :kde:

@marcan my point is that when downloading something from package manager it has likely way less chance to delete my home folder than piping a script to bash, due to more excessive testing and wider usage.

But in general i agree with your argument, when it comes to security nobody really cares, they just want to get things done.

Hector Martin

@aks I don't see how something coming via package manager means it gets wider testing. It might, or might not, mean it gets a few more eyeballs, if it was packaged by a third party.

But we are shipping an OS. We *are* the package manager. If you don't trust us not to screw up then it doesn't matter how the download works.

Akseli :quake_verified:​ :kde:

@marcan Not critiquing how you do it, nor saying what i think is "correct", was more a feeling thing. :) Perceived security vs actual security.

I always read the script anyway, but more for the curiosity than for the verification. And i understand your usecase for it!

Go Up