Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption
This news is already a week old, but it only got submitted to us today, and I didn't notice it at all. As it turns out, two malicious software packages had been uploaded to GNOME-Look.org, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
RE: Bottom Line
by ple_mono on Wed 16th Dec 2009 22:41 UTC in reply to "Bottom Line"

I agree. There are several problems with package managers today though. There are so many packaging standards and mechanisms. This results in one tarball having to be packaged a whole bunch of times to reach most Linux users. I realize here that many distros use different versions of dynamic libraries and such, but there is the possibility to build "fat" binaries (not the correct term perhaps) that would fit the most common configurations, or a "golden standard" if you will.
It seems to me that none of the major distros are willing to work together to create such a standard, and a mechanism to work with it, though. It could in theory bring packages to a much wider audience, with less work being done by the maintainers = more time to work on packaging stuff that ends up at gnome-look.org etc. as it is now.

That is not the only problem IMHO. There should be some way for users to install packages contained in their $HOME only (or a mechanism to install packages per user, or group), without root privileges. Themes don't have to be friggin installed as root, to the system root! But, to be honest, it would be nice if one could install regular applications this way too. In this recent case with the .deb from gnome-look, this method could have significantly minimized the damage a "rogue" binary could have done to the system.

Score: 4