> It just occured to me that any evil intentioned or mad maintainer could add > rm -rf / > or anything of this sort in a postinst script.
Yes. Or hide stuff in the binaries. You need root permissions to install stuff in /bin etc. > I just would like to know what kind of protection debian could offer against > such an unpleasant event. I am sure Bruce cannot afford to be very picky in > the > choice of maintainers (there are orphan packages crying for one). > > This is the kind of argument against Debian being used at large in my > institute, the result being that half man pages are missing, even if you have > such a complete manpath as This argument is not limited to Debian. It is as valid for any binaries whatsoever, including those in commercial systems (how do you know that your nice Commercial Unix (or DOS, or...) will not autodestruct on March 4, 1997?) This is a matter of trust. If you don't trust binaries, install only a minimal system, read the source (every line of it), understand it, compile it and install it. At least with free software, you have the source... (as Joey puts it: "never trust an OS you don't have the sources for"). And with Debian, uploads are PGP-signed by their (known) maintainer, so you can at least be reasonably sure from whom they're coming from. If I would want to destroy systems, I'd upload some binaries to sunsite; with "reasonable" precautions, it is very difficult or even impossible to trace them back to me. This kind of subject comes up very often on comp.security.{unix,misc} and likely comp.risks too. Ray -- ART A friend of mine in Tulsa, Okla., when I was about eleven years old. I'd be interested to hear from him. There are so many pseudos around taking his name in vain. - The Hipcrime Vocab by Chad C. Mulligan