Monday, September 3, 2018

How to verify trust and number of users of a certain PPA?

On what can I base my trust towards a specific PPA?
Is there some method for gaining information on which I can base my trust? Off the top of my head, for example: how many people downloaded the package, what is their feedback, vote, vouch or something? Browsing forums to see if the author has the trust of others is not good enough (and lengthy); looking at the author's websites to see whether they look legit is silly imho.


To have an example, there is a WebUpd8 PPA by Alin Andrei that seems to have a good reputation. Their Launchpad site shows details about the package including updates. That's useful, alright. I think I need more to get confidence that the software is quality enough and without malicious intentions. For example, how can I see how many people actively use it or what problems they experienced?


The obvious problem with packages coming from third parties is that they might be unintentionally bugged or otherwise imperfect and cause problems (possibly hard to solve, especially for a newbie user), or intentionally contain malicious software. Now we are a community, so how do we cover this risk? I'd expect some sensible system, as is usually the case with unix, but so far when this question was asked the answers did not mention any method for trust verification.
I'm afraid of hackers who gain credibility and one day flip to the dark side and include some listening backdoor malware in the packages they distribute. Is this beyond healthy paranoia? (-:



Possible Duplicates:
There are good reasons to regard this question as a duplicate. I'll try to provide good reasons why this question is distinctive. In short, the other answers didn't provide a solution to the problem described here.
This question was already vaguely answered here:
- Are “PPA's” safe to add to my system, and what are some “red flags” to watch out for?
- Should I trust these packages and ppas?
People answer like "these are cool" and "this PPA's fine and legit" and "in the end it's your choice". The answers don't provide any tool or method with which I could verify or quantify the trust myself. I don't have enough reputation to comment there, so I'm asking a separate question. I'm after some method of collecting evidence on which I can base my opinion whether to trust a certain PPA or not. Checking whether the website looks legit and browsing a forum to read that some person thinks "it's ok" doesn't feel right enough.


A question that seeks some kind of method was already asked.
- How to find out the package download count from a PPA?
The answer there is not usable for me right away as I don't know how to work with such a script. And again, I don't have the 50 reputation points needed to write there. So I'm asking a new explicit question myself.
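The kind of script the last linked question refers to, as an added example that is not part of the original post: it queries the Launchpad API through the launchpadlib library (assumed to be installed and able to reach api.launchpad.net) for the per-binary download counts of a PPA, and keeps the summary step as plain Python so it can be checked on constructed records. The PPA owner and name are placeholders, and the sample records are constructed, not real Launchpad data.

```python
"""Summarise download counts for the binaries published in a Launchpad PPA.

Assumes launchpadlib is installed (pip install launchpadlib) and that the
machine can reach api.launchpad.net; the summary step itself is pure Python.
"""
from collections import defaultdict


def summarize_downloads(records):
    """Collapse (binary_name, version, count) records into per-binary totals.

    Returns a dict with the grand total and a list of (name, total, versions)
    tuples sorted by total, most downloaded first. A count says how often the
    .deb was fetched from Launchpad: a popularity signal, not a statement
    about what the package contains.
    """
    per_binary = defaultdict(int)
    versions = defaultdict(set)
    for name, version, count in records:
        per_binary[name] += int(count)
        versions[name].add(version)
    ranked = sorted(
        ((name, total, sorted(versions[name])) for name, total in per_binary.items()),
        key=lambda row: (-row[1], row[0]),
    )
    return {"total": sum(per_binary.values()), "binaries": ranked}


def fetch_ppa_downloads(owner, ppa_name):
    """Yield (binary_name, version, count) for every published binary in the PPA."""
    from launchpadlib.launchpad import Launchpad  # imported lazily: needs network

    lp = Launchpad.login_anonymously("ppa-download-counts", "production")
    archive = lp.people[owner].getPPAByName(name=ppa_name)
    for bpph in archive.getPublishedBinaries(status="Published"):
        yield (bpph.binary_package_name, bpph.binary_package_version, bpph.getDownloadCount())


# Constructed sample records standing in for a live query.
SAMPLE_RECORDS = [
    ("example-tool", "1.2-0~ppa1", 1200),
    ("example-tool", "1.1-0~ppa1", 800),
    ("example-tool-data", "1.2-0~ppa1", 950),
]

if __name__ == "__main__":
    # Replace the placeholders with a real Launchpad user and PPA name.
    summary = summarize_downloads(fetch_ppa_downloads("PPA_OWNER", "PPA_NAME"))
    for name, total, vers in summary["binaries"]:
        print(f"{name:40} {total:8d}  versions={len(vers)}")
    print("total downloads:", summary["total"])
```

Running it against the sample records (`summarize_downloads(SAMPLE_RECORDS)`) shows the two example-tool versions collapsed into one 2000-download entry ahead of example-tool-data.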

