[Zope-Coders] Re: (Off-topic) Linno
Shane Hathaway
shane@zope.com
Mon, 16 Sep 2002 13:06:15 -0400 (EDT)
On Mon, 16 Sep 2002, Guido van Rossum wrote:
> > From: Shane Hathaway <shane@zope.com>
> >
> > (On a tangent, there ought to be a program called "Linno Setup". It
> > would provide an easy installation wrapper for Linux software downloaded
> > from the 'net, bringing a lot more people to Linux. I think this hasn't
> > been done yet because of concerns over Linux viruses, but we could deal
> > with most of that through code signing.)
>
> I was with you until the last sentence. Why would an easy to use
> installation wrapper have more risk of transferring viruses than, say,
> RPMs?
Because a lot of people, including myself, generally install only signed
RPMs (with a verified signature). A similar level of assurance needs to
be added to installers before they can be trusted. Code signing isn't a
perfect solution, but it at least lets you verify that software comes from
where you think it comes from.
Shane