[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [sc-dev] quarks install actions



Till Bovermann wrote:
> Ok, I see.
> I'm against it.
> It would be easy to build a virus removing at least all user data with
> this, just by writing a quarks file and adding it to the repository.

what's the difference between malicious compiled code and malicious
sclang code? currently quarks are executable code anyway, and properly
installed code could wipe out your home directory, too. i would think
that if security is a real concern, a lot more profound measures need to
be taken.

imo the user confirmation proposed by dan is a good solution.

<sk>