[packagekit] 1-click; Third party vendors; etc.

Jan Niklas Hasse jhasse at gmail.com
Mon Jun 2 10:03:28 PDT 2008

I think OCI is a very bad idea. Clicking on "Install this!" I'm not
only trusting a vendor to install a program on my machine, but to run
code as root!
If I'm a developer of a very popular program, I could people tell to
use OCI to get it. When a certain amount of people downloaded my
software, I could provide an update which contains malware inside its
post-remove script. How long do you think it takes someone to find
out? By that time I could have easily stolen many of passwords and got
enough money to disappear :-)

(Sorry if there are some English mistakes or if it is hard to
understand what I'm trying to say)

More information about the PackageKit mailing list