[Slackbuilds-users] Concern about sources' procedence

Willy Sudiarto Raharjo willysr at gmail.com
Thu Jun 9 09:36:00 UTC 2011


> I trust SlackBuild's statement of them checking the scripts for evil
> contents. In fact, many scripts are so simple that you can check them
> quickly in a few minutes. However... what happens if Niels Horn is one
> of those Black Hats who live in the shadows, slowly infecting computers
> all around the world as part of his plan for conquering the Earth? What
> is preventing him from patching the original Snort x.y.z and turning it
> into a dangerous backdoor? If Snort x.y.z was in www.snort.org, you
> could easily check if Niels' version is the same, but you only will be
> able to check against x.y.z+1 version. You can still modify the build
> script and build the last version of Snort from the authors website,
> yes, but this would be no solution for Niels infecting thousands of
> computers.
>
> What procedure is taken in order to avoid this nightmare?
> Because, knowing SlackBuilds.org has a very good reputation and its
> software works flawlessly most of the time, I assume you have some
> method to prevent Niels and his friends from taking over Slackware
> Universe.

That's why in SBo, they never give any source in the repository;
you have to download the source by yourself.

If you don't believe the script, you can check whether it tries to
patch or do something malicious, and you can always edit the script
according to your senses.

In most cases, the script can be used to compile x.y+1, x.y+2, or even more;
you only need to edit the VERSION line.


-- 
Willy Sudiarto Raharjo
Personal Blog : http://willysr.blogspot.com
Linux Blog: http://slackblogs.blogspot.com

