plowshare is not shipped with modules anymore

[Ralf Corsepius]

On 04/17/2015 01:10 AM, Pavel Alexeev wrote:
> Hi
>
> 14.04.2015 05:20, Ralf Corsepius пишет:
>> On 04/14/2015 03:01 AM, Elder Marco wrote:
>>
>>> Ralf, plowshare is a command-line downloader/uploader for some of the
>>> most popular file-sharing websites.  Each module (written in bash)
>>> corresponds to a different sharing site.  The modules are downloaded via
>>> plowmod, from a oficial repository provided by upstream.
>> Well, as I said before, I do not like packages, which are doing so.
>>
>> I consider them to be a security and data privacy risk, but I am not
>> in a position to change upstreams nor users.
>>
>> My advise to users: Don't use such packages if you are concerned about
>> your data and your installations' security.
>>
> If package provide some basic modules and also utilities for user to
> manage update "channels" or repo in clean way, why not?
Why would you trust such "update channels" and the content they provide?

Who tells me their site is trustworthy and not run or having been taken 
over by a secret service, the Mafia or other criminals?

> As was mentioned
> early many software do the same.
In Fedora? None that I am aware of, except of Mozilla, whose 
plugins/addons basically suffer from the same issue. Nothing but Mozilla 
itself prevents you from installing the "Nigerian Mafia" or the 
"NSA-Trojan" add-ons.

> Although we do not ship any external
> yum repos in rpm there clear way for users how to add others.
Correct. The rationale not to allow non-fedora repos in Fedora is 
basically the same.

> And it may
> be much more security breach.
Well, instead of relying on Fedora shipping a fixed set of scripts 
(which should have been reviewed and tested by the package maintainer 
and protected from forgery with rpm), they want users to download 
install arbitrary scripts from their site.

IMO, they are implementing a carte-blanche to trojans, malware and 
espionage.

Ralf