Version française
Home     About     Download     Resources     Contact us    
Browse thread
Re: [Caml-list] CDK with Ocaml 3.06 (fwd)
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Sven Luther <luther@d...>
Subject: Re: Sign the packages (was Re: [Caml-list] CDK with Ocaml 3.06 (fwd))
On Tue, Oct 15, 2002 at 04:21:03AM -0700, Tim Freeman wrote:
> >...anonymously upload packages...
> >Maybe you could go without signatures even, since after all, there
> >is nothing critical and absolutely needing root access in the ocaml
> >packages.
> 
> This is quite dangerous.  Anyone can then anonymously upload a new
> version of any package that starts by doing "rm -rf ~".

Well, sure. So you have 2 choices :

  o require signed uploads from people you trust (and can visit
    consequence upon if they misbehave)

  o doing it so it will not be installed as root.

Mmm, i did not see that it would erase the home directory. Well, this is
only possible if the packages include scripts to be run before or after
the install. This is what debian uses right now, but then we use
solution 1 above.

Friendly,

Sven Luther
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners