
> unless you’re the sort of person who reads configure scripts and makefiles

I always read these files before building from source. Is this really so rare? Why wouldn't people read the scripts they're about to run?

> the various scripts inside Debian packages and RPMs

It's reasonable to assume package repository maintainers have ensured their packages are not malicious.



But, we’re talking about installing software from non-distribution sources. E.g. the Minecraft Launcher ships as a .deb that you install: there’s no benefit security-wise for that over curl … | sh.

And, I doubt most people have the time or ability to read all the scripts that come with large software packages and ensure that they’re safe. For better or worse, executing code downloaded from the internet without verifying it manually is the norm these days.


No, .deb is safer. You can manually unpack it into a folder without running any scripts as root.



