On Wed, 11 Sep 1996, J.H.M.Dassen wrote:

> > It just occurred to me that any evil intentioned or mad maintainer could add
> > rm -rf /
> > or anything of this sort in a postinst script.
>
> Yes. Or hide stuff in the binaries. You need root permissions to install
> stuff in /bin etc.
>
> > I just would like to know what kind of protection debian could offer against
> > such an unpleasant event. I am sure Bruce cannot afford to be very picky in
> > the choice of maintainers (there are orphan packages crying for one).
> >
> > This is the kind of argument against Debian being used at large in my
> > institute, the result being that half man pages are missing, even if you
> > have such a complete manpath as
>

I would argue that Debian's large and diverse development group provides better protection from this kind of activity than smaller, closed development groups. This gives us a large, diverse group of testers. It is very unusual for a package to move from unstable to stable without someone trying it out.

Because of the new pgp signatures, only one person is responsible for the contents of the package. This makes it unlikely that someone smart enough to build a package would not understand their identifiability. This means that the likelihood of a "nasty" getting out is small, and the identification of the perp is certain.

Tell your institute that Debian is better protected from this kind of event than most Linux distributions.

Luck,

Dwarf

------------ --------------
aka Dale Scheetz          Phone:  1 (904) 877-0257
Flexible Software         Fax:    NONE
Black Creek Critters      e-mail: [EMAIL PROTECTED]
------------ If you don't see what you want, just ask --------------