• 9488fcea02a9@sh.itjust.works
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    1 year ago

    Can someone explain this paragraph please?

    Because of technical limitations in Linux in the 1990s, every Debian package has full root access during its installation. In other words, every Debian developer can potentially become the root user on any machine running Debian. With tens of millions of machines running Debian, that is potentially a lot of power.

    • Alex@lemmy.ml
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      1 year ago

      The package pre and post scripts are run as root. These are the things that make sure users and groups exist and other such tweaks to the system. You are essentially trusting the packager doesn’t put anything nasty in there.

      • TheHolm
        link
        fedilink
        arrow-up
        3
        arrow-down
        3
        ·
        1 year ago

        It is not different from pretty much any other distribution. You must tryst your upstream. If distro decided to get root access to a box it is has simpler way to achieve it.