May 07 2007
A quick note on security
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
I saw this on Digg’s upcoming stories today: Totally complete sources.list for Ubuntu Feisty Fawn, and felt a chill of terror. Visions of masses of users new to Ubuntu (and Linux in general), downloading this sources.list and using it, watching their computers melt, and blaming Linux overwhelmed my poor little brain.|
|
I’ll say the same thing here that I said there:
Sphere: Related ContentIt can’t be said enough: don’t simply use someone elses sources.list without verifying every entry in it. Your sources.list file should only be updated by one person: you (or your sysadmin), and only when you know what you are installing.
An entry in your sources.list is the equivalent of a list of trusted developers. It is a list of people who can and do program computer software to make it behave in a way that they want. Combined with most installations being done as a superuser, a sources.list file is essentially a list of (for lack of a better word) hackers that you trust to let use your machine for whatever reasons they deem necessary. If you (or canonical) didn’t put the entries there, how do you know whether or not you can trust them? Answer: you can’t.
So do not, repeat DO NOT use someone else’s sources.list without manually verifying every entry in it.
If you found this article useful and use StumbleUpon, please give it a 
thumbs up so more people can read it! Thank you!
Please take the time to check out this thread and leave a comment letting me know what you would like to see from this site. It's still relatively young and trying to find its way- you can make design pitstop the resource you always wanted!