[packagekit] 1-click; Third party vendors; etc.

Patryk Zawadzki patrys at pld-linux.org
Mon Jun 2 11:04:49 PDT 2008

On Mon, Jun 2, 2008 at 7:22 PM, Klaus Kaempf <kkaempf at suse.de> wrote:
> Please explain how this is different from the usual 'rpm for
> distribution XYZ -> download here' links posted on project websites.

It's just as bad.

> Users click there, download and install it. Installation is done as
> root and the package can run all sorts of bad things in it %post
> section.
> The only difference I can see is that between download and install,
> you can inspect the package binary and look at the scripts within. Do
> people do this ?

Do people download and install random rpm packages? Probably yes.
Should they? I think not.

Patryk Zawadzki
PLD Linux Distribution

More information about the PackageKit mailing list