Re: Limiting the power of packages
- Date: Thu, 4 Oct 2018 11:07:37 +0200
- From: "W. Martin Borgert" <debacle@xxxxxxxxxx>
- Subject: Re: Limiting the power of packages
On 2018-10-03 23:30, Antoine Beaupré wrote:
> are somewhat low-hanging fruits in there like declarative maintainer
I am very much in favour of declarative maintainer scripts!
AFAIK, Niels Thykier has done a lot of work there, while Ralf
Treinen and colleagues are analysing maintainer scripts - they
even wrote a shell script parser, that is not a shell itself.
However, I would not try to see this work too much as means of
defense against malicious deb packages. This leads to a wrong,
non-achievable goal. I see it as a means to provide better
quality, predictable system state, and safety against bugs.
> with the security models of iOS or Android, we still have quite a lot of
> work to do to make sure (say) my IRC client cannot steal my bank
> credentials or (the horror!) vice-versa. ;)