From: Fabrice BAUZAC
Newsgroups: linux.debian.maint.java
Subject: Re: List of consultants focusing on Debian packaging for Java?
Date: Sat, 12 Dec 2020 00:50:02 +0100
X-Original-Message-ID: <87360boqeh.fsf@mykolab.com>
X-Original-References: <9272466e-c771-3b08-7c2f-205fa4d92912@at.or.at>
List-Archive: https://lists.debian.org/msgid-search/87360boqeh.fsf@mykolab.com

Hans-Christoph Steiner writes:

> Third party package repositories are a thing, like Ubuntu PPAs, aptly,
> JFrog Debian Repositories, etc. Unfortunately, due to Debian Apt's
> design, that means giving root access to each repository (package
> pre-install/remove/etc scripts are run as root).

I don't think it is related to APT, but rather it is a risk that is very
common to packages like deb, rpm or similar that can run arbitrary code
as root.