Re: [Evolution] go-gnome installer

This is true, however, his point about it being just as dangerous to
download a file, untar it, and run it still stands.

No it isn't. This is why virtually every large-scale software
distribution includes MD5 or SHA sigs alongside the files --- 
often via HTTPS --- so you can download the files, compare the
sigs, and then install. What's funny about lynx | sh is not
that it uses Lynx to download files, but that it gives total
control of your machine immediately over to

Also, the security of this system has nothing at all to do with
the security of the "" servers or Ximian or whatever.
By building an install system like this, Ximian is trusting the
recursive DNS servers of EVERY network in the world. Any weak DNS
server can be poisoned with a fake "go-gnome" that will backdoor
gnome installers without them even knowing it.

I agree with everyone else that this is off-topic and I'm sorry
for bringing it up here, but this is a total embarassment.

Excellent hack value. Dumb idea.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]