On 04/17/2015 01:10 AM, Pavel Alexeev wrote:
Hi
14.04.2015 05:20, Ralf Corsepius пишет:
On 04/14/2015 03:01 AM, Elder Marco wrote:
Ralf, plowshare is a command-line downloader/uploader for some of the
most popular file-sharing websites. Each module (written in bash)
corresponds to a different sharing site. The modules are downloaded via
plowmod, from a oficial repository provided by upstream.
Well, as I said before, I do not like packages, which are doing so.
I consider them to be a security and data privacy risk, but I am not
in a position to change upstreams nor users.
My advise to users: Don't use such packages if you are concerned about
your data and your installations' security.
If package provide some basic modules and also utilities for user to
manage update "channels" or repo in clean way, why not?
Why would you trust such "update channels" and the content they provide?
Who tells me their site is trustworthy and not run or having been taken
over by a secret service, the Mafia or other criminals?
As was mentioned
early many software do the same.
In Fedora? None that I am aware of, except of Mozilla, whose
plugins/addons basically suffer from the same issue. Nothing but Mozilla
itself prevents you from installing the "Nigerian Mafia" or the
"NSA-Trojan" add-ons.
Although we do not ship any external
yum repos in rpm there clear way for users how to add others.
Correct. The rationale not to allow non-fedora repos in Fedora is
basically the same.
And it may
be much more security breach.
Well, instead of relying on Fedora shipping a fixed set of scripts
(which should have been reviewed and tested by the package maintainer
and protected from forgery with rpm), they want users to download
install arbitrary scripts from their site.
IMO, they are implementing a carte-blanche to trojans, malware and
espionage.
Ralf
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
