this post was submitted on 13 Jul 2023
10 points (100.0% liked)
Programmer Humor
19551 readers
1077 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Actual question. Isn't installing stuff from third party repos like super dangerous? The package scripts run with root access, right?
So, I guess you could tell if the hash of the package matches the hash of the code after you build it... But, what about upgrades on that package after it is installed? They could change the setup scripts and screw a lot of people right?
Not saying these guys do it, just wondering about security stuff.
quote stolen directly from the repo: