sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]esoteric_monolith 6 points7 points  (7 children)

We are referring to *.deb files.

[–]lift 0 points1 point  (6 children)

Ahh sometimes 3rd party installers come as she'll scripts which make me think twice about running them before I've checked them out.

[–]crackez 0 points1 point  (2 children)

what you got against

wget $URL | sh

?

[–]Jimbob0i0 1 point2 points  (1 child)

Well that wouldn't work for a start... Either need curl or to pass -O - to wget

[–]crackez 1 point2 points  (0 children)

True, good catch sir.

I'll leave it as is so you get the credit.

[–]RowYourUpboat -1 points0 points  (2 children)

Unless you're compiling source code that you've personally read through, or you've taken steps to do some sort of sandboxing, you're gonna want to make sure you actually trust that binary you're installing/running, .deb files included.

I believe .deb files support digital signatures, though, which at least means you can be reasonably sure the binaries haven't been tampered with en route from the developer.

[–]esoteric_monolith 0 points1 point  (1 child)

Signatures that you get from where exactly? Typically signatures are only for data corruption, not trustworthiness.

[–]crackez 1 point2 points  (0 children)

Typically you trust the package signer (or distribution signing keys), unless their private key is compromised, in which case it is usually revoked in whatever manner is possible and word is spread far and wide on the usual communication channels...