@marcan I'm mostly worried about a bug in the shell script that deletes stuff when running. No need to be malicious even.
@marcan My point is that when downloading something from a package manager it has likely way less chance to delete my home folder than piping a script to bash, due to more excessive testing and wider usage. But in general I agree with your argument, when it comes to security nobody really cares, they just want to get things done.

@aks I don't see how something coming via a package manager means it gets wider testing. It might, or might not, mean it gets a few more eyeballs, if it was packaged by a third party. But we are shipping an OS. We *are* the package manager. If you don't trust us not to screw up then it doesn't matter how the download works.

@marcan Not critiquing how you do it, nor saying what I think is "correct", was more a feeling thing. :) Perceived security vs actual security. I always read the script anyway, but more for the curiosity than for the verification. And I understand your use case for it!

@aks Bugs are a possibility with any and all software. This is completely tangential to the delivery mechanism.