Linked by Thom Holwerda on Sat 8th Apr 2006 16:18 UTC, submitted by fsmdave
Linux "It's the year 2006, and installing applications in GNU/Linux can still be a nightmare (especially if they are not available in your distribution's repository). Simon Peter is the developer of Klik, a piece of software that tries to resolve this problem. Simon kindly accepted to answer a few questions for FSM."
RE[3]: Security?
by Tom5 on Sun 9th Apr 2006 09:38 UTC in reply to "RE[2]: Security?"

"I think there is a difference, currently Linux is safe because you can't mail someone a chmod +x file. (or download one), you always have to implicitly make it chmod +x yourself."

Just mail them a .tgz containing the executable inside.

For another way to trick users into executing untrusted software, look at the start of klik's homepage (http://klik.atekon.de/), where it tells you to type:

wget klik.atekon.de/client/install -O -|sh

Alternatives to klik may require you to state that you trust a GPG key before running the software, but how can users decide whether the author can be trusted?

For example, Zero Install (http://0install.net) consults a central database to see if the software is signed with a known key, but users can still override this if they want, and so far the only key database just states when and where a key was first announced; there is no warranty or statement that the key is actually trustworthy (I guess you'd need to pay someone money if you wanted them to check).

Score: 1
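
For contrast with the `wget ... -O -|sh` line quoted in the comment above, here is an added example (not part of the original post or of klik) that saves the download to a file and runs it only if its SHA-256 matches a pinned value. The function names are hypothetical and `PINNED_SHA256` is a placeholder for a digest obtained through some channel other than the download itself.

```shell
#!/bin/sh
# Added example: fetch-then-verify instead of piping a download into sh.
# Function names are hypothetical; the pin must come from a separate channel.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_script FILE EXPECTED_SHA256
# Returns 0 on match, 1 on digest mismatch, 2 on a missing file or bad pin.
verify_script() {
    file=$1 expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Reject an empty or malformed pin rather than comparing against it.
    case $expected in
        *[!0-9a-f]*|'') echo "bad pin" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad pin length" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    return 0
}

# run_verified FILE EXPECTED_SHA256
# Executes FILE with sh only after verification succeeds.
run_verified() {
    verify_script "$1" "$2" || return $?
    sh "$1"
}

# Usage (URL from the comment; PINNED_SHA256 is a placeholder):
#   wget -O install.sh klik.atekon.de/client/install
#   less install.sh          # read it before running
#   run_verified install.sh "$PINNED_SHA256"
```

A matching digest only shows that the file is the one that was pinned; it does not answer the comment's question of whether the author deserves trust.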