Browse thread
Re: [Caml-list] CDK with Ocaml 3.06 (fwd)
[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
| Date: | -- (:) |
| From: | Sven Luther <luther@d...> |
| Subject: | Re: Sign the packages (was Re: [Caml-list] CDK with Ocaml 3.06 (fwd)) |
On Tue, Oct 15, 2002 at 04:21:03AM -0700, Tim Freeman wrote:
> >...anonymously upload packages...
> >Maybe you could go without signatures even, since after all, there
> >is nothing critical and absolutely needing root access in the ocaml
> >packages.
>
> This is quite dangerous. Anyone can then anonymously upload a new
> version of any package that starts by doing "rm -rf ~".
Well, sure. So you have 2 choices :
o require signed uploads from people you trust (and can visit
consequence upon if they misbehave)
o doing it so it will not be installed as root.
Mmm, i did not see that it would erase the home directory. Well, this is
only possible if the packages include scripts to be run before or after
the install. This is what debian uses right now, but then we use
solution 1 above.
Friendly,
Sven Luther
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners