Hi, > Unless I've missed it, there's no privlege dropping, and I'd like wget > to run as a normal user (specifically: nobody). This should be easily > implemented, as the script is just writing to /tmp/.
I've seen the discussion in this bug, and I wonder whether it makes sense to actually go the way to drop these privileges. A user running apt-get update or apt-get upgrade is already performing many HTTP requests and downloading numerous files from relatively untrusted sources (they are verified after downloading), as root. Would it make sense to change msttcorefonts for this while an admin will already be doing this with APT? Thijs
