[packagekit] 1-click; Third party vendors; etc.

Benji Weber benji at opensuse.org
Tue Jun 3 06:58:05 PDT 2008


2008/6/3 Jan Niklas Hasse <jhasse at gmail.com>:
> On Tue, Jun 3, 2008 at 11:02 AM, Benji Weber <benji at opensuse.org> wrote:
>> That was not my point. My point was that if users are using the
>> package management system to install software rather than using random
>> installers then there is at least some opportunity for the system to
>> protect the user from accidental system breakage and installation of
>> malicious software. When users are just executing an unknown binary as
>> root there's nothing that can be done.
>
> Well, an rpm or a deb is also a binary (shell scripts can execute
> binaries, setuid) which is executed by root from the package manager.

Yes. The user must choose to trust the key before anything can be
installed or executed though. Also, if the package management system
is aware of the files that are installed then it can also avoid
overwriting them or otherwise breaking the software, and it can also
prevent installation of software that conflicts with installed system
software. None of this protection is available from custom installers.

--
Benjamin Weber


