Limiting the power of package installation in Debian

Posted Nov 8, 2018 5:29 UTC (Thu) by interalia (subscriber, #26615)
Parent article: Limiting the power of package installation in Debian

> But I don't think it would solve the problem you pose. Who is going to set the profile? If it is the 3rd party packager, they will just use 'core' and install their APT source (or whatever they want). If it can be specified or overridden by the user at install time, then trying to install Skype with ‑‑profile=default will make the installation fail, and the user will just resort to ‑‑profile=core.

Yes, though it would be interesting if you could set these profile types in the APT source list, so that the tools could tell if a package specified a profile other than the ones you have allowed. That way if the latest version of the Chromium 3rd-party package was profile "core" and I have it in my sources.list as "default" then APT/dpkg could decline to install it (or prompt).

It would not, as everyone agrees, prevent malicious changes, so I'm not sure the small gain (preventing/alerting of buggy/inadvertent changes) is worth the effort except if it prevents upload of the buggy packages in the first place.

