An attempt at improving cross-distribution software deployment: The Psys Library
Chuck Anderson
cra at WPI.EDU
Thu Jun 24 07:42:19 PDT 2010
On Thu, Jun 24, 2010 at 04:22:13PM +0300, Eugene Gorodinsky wrote:
> The biggest problem of distributing software in an executable is the
> security risks. For example, you can't test if the package has been
> tampered with or not. IMHO it's much better to spend the time
> developing a common package format specifically designed for
> third-party packages. But that effort probably requires all the
> distributions to have the same package naming conventions.
Source vs. binary doesn't help you determine whether a package has
been tampered with or not. Cryptographic signatures and hashes can be
used just as easily on binaries as on source. When it comes down to
it, people have to trust their Linux or ISV distributor--there are no
practical alternatives.