plowshare is not shipped with modules anymore
Ralf Corsepius
rc040203 at freenet.de
Fri Apr 17 04:41:39 UTC 2015
On 04/17/2015 01:10 AM, Pavel Alexeev wrote:
> Hi
>
> 14.04.2015 05:20, Ralf Corsepius пишет:
>> On 04/14/2015 03:01 AM, Elder Marco wrote:
>>
>>> Ralf, plowshare is a command-line downloader/uploader for some of the
>>> most popular file-sharing websites. Each module (written in bash)
>>> corresponds to a different sharing site. The modules are downloaded via
>>> plowmod, from a oficial repository provided by upstream.
>> Well, as I said before, I do not like packages, which are doing so.
>>
>> I consider them to be a security and data privacy risk, but I am not
>> in a position to change upstreams nor users.
>>
>> My advise to users: Don't use such packages if you are concerned about
>> your data and your installations' security.
>>
> If package provide some basic modules and also utilities for user to
> manage update "channels" or repo in clean way, why not?
Why would you trust such "update channels" and the content they provide?
Who tells me their site is trustworthy and not run or having been taken
over by a secret service, the Mafia or other criminals?
> As was mentioned
> early many software do the same.
In Fedora? None that I am aware of, except of Mozilla, whose
plugins/addons basically suffer from the same issue. Nothing but Mozilla
itself prevents you from installing the "Nigerian Mafia" or the
"NSA-Trojan" add-ons.
> Although we do not ship any external
> yum repos in rpm there clear way for users how to add others.
Correct. The rationale not to allow non-fedora repos in Fedora is
basically the same.
> And it may
> be much more security breach.
Well, instead of relying on Fedora shipping a fixed set of scripts
(which should have been reviewed and tested by the package maintainer
and protected from forgery with rpm), they want users to download
install arbitrary scripts from their site.
IMO, they are implementing a carte-blanche to trojans, malware and
espionage.
Ralf
More information about the devel
mailing list