Sbopkg package manager

New features which should be implemented in Porteus; suggestions are welcome. All questions or problems with testing releases (alpha, beta, or rc) should go in their relevant thread here, rather than the Bug Reports section.
User avatar
BlackRider
Black ninja
Black ninja
Posts: 70
Joined: 13 Jul 2011, 11:04
Location: Nowhere
Contact:

Re: Sbopkg package manager

Post#16 by BlackRider » 21 Jul 2011, 11:30

Is there a simple solution to that?
The simplest solution to avoid malware from insecure sources is not to use insecure sources. By getting the source code from upstream, you ensure nobody has changed the tarball between him and you.

The way I do it: take the script from SlackBuilds with their associated files, and then review them all. Then take the source from its author. If the links slackbuilds.org is not pointing to the author's original hosting, I download both and verify they are the same by performing various checksums (MD5 is good for error detection, but is collision prone and should not be used for security purposes, so I use MD5 and another one). To this date, I have found every source I have downloaded to be reliable, but you never know...
How would you edit the code?
What I know about coding could be written in a very small place. I'd better leave the coding to coders.

User avatar
Hamza
Warlord
Warlord
Posts: 1847
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Sbopkg package manager

Post#17 by Hamza » 21 Jul 2011, 11:39

I am working on a feature to make secure all "trusted" packages. For more security, I will not publish the source code of this protection.

It will be able to check of the packages is from official repo, and if it is not corrupted by a malware.

Bye!
NjVFQzY2Rg==

User avatar
francois
Contributor
Contributor
Posts: 5083
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Re: Sbopkg package manager

Post#18 by francois » 22 Jul 2011, 14:40

Please hyerlink to the appropriate thread once completed. We will be happy to use your tool.
Voltaire: Le mieux est l'ennemi du bien.

User avatar
Hamza
Warlord
Warlord
Posts: 1847
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Sbopkg package manager

Post#19 by Hamza » 22 Jul 2011, 14:43

I sent it to brokenman. :oops:

There is already a security function in Sbopkg, I just found it in the source code.
I will write a function to use it under Porteus V1.0
NjVFQzY2Rg==

Post Reply