I just have a general question about packages. Not that I don't trust the people that write the code for Linux out there; I'm sure there are a lot of awesome programmers behind the movement or it wouldn't be where it is today. But banking on the idea that there are always a few bad apples that ruin the bunch, what assurances do we have that some program, or pkg X we install, doesn't have a security back door written into it, or <insert some malicious idea here>? Not trying to make anyone angry, but I'm just curious how it all works.
I don't know about other distros, but I know Debian has a pretty thorough review and high standards for any packages that are included in the repositories (for stable and testing at least, not sure about unstable). One of the things about open source software is that you typically have a lot of eyes parsing through the code. I guess it might be possible for a large scale conspiracy, but I'd think it was generally uncommon, IMHO.
Well, code for the kernel is done mostly by members of kernel.org. I think Linus has several deputies who have authority to add code to the official tree and review it. He of course has final say.
But all other packages are handled on a repository specific review. Things that are good enough (i.e. slightly buggy) might be good enough for Ubuntu, but on Debian, they may fail to compile on one of the 11 architectures supported, so it doesn't get into the stable repos. Only things that have been deemed bug free and compile/run properly on all the Debian supported architectures are in the stable repositories.
Repositories are just a collection of software. Many distributions have a large amount of packages in "unofficial" repositories that are not necessarily controlled by the distribution. Debian has probably the largest repository of official packages.
The advantage of repositories is that you can install a large variety of software that you know will work with your distribution, all for free. For example, I can install OpenOffice, a PDF reader, a web browser, an FTP client, an FTP server, database servers/clients, etc., etc., all from the Debian repositories. If you wanted to install all that stuff on Windows, you'd probably have to hunt down the programs, some at download.com, some at third party websites, some at collection websites/CD (TheOpenCD), etc. So Linux users are a bit spoiled because we expect to be able to easily add the software we need at any time. Not to mention that we can remove any unnecessary software with the same amount of ease.
Not sure that is a completely accurate statement considering there are many specialty distros that don't have package managers, such as Coyote Linux, IPCop, Sveasoft Alchemy (although this is technically firmware), etc.
But definitely most of the major general purpose distros have repositories. Although now that I think about it, are there Slackware repositories (haven't used it lately and I feel like a long time ago it was strictly source based)...
As far as I know, all Debian developers have their own PGP keys that are used to sign off packages that get uploaded. This makes sure that the packages uploaded can be authenticated to see if they really came from them.
Packages in the official repositories and the popular unofficial ones I would say are safe to use. All the big-name distros have strict guidelines and code audits for packages. As long as you stay away from Stan's home-cooked packages on a server in Bosnia you will be all right.
There is no way to be sure, unless you compile everything from source and audit it yourself, whether something has a backdoor in it intentionally. You just have to trust the package maintainers and the coders of the applications. I would personally be more worried about proprietary software from the US (cough MS products cough) having a security back door intentionally put in for government spying reasons or detecting pirated software, etc.
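The PGP-signed uploads mentioned in the reply above work because the developer's signature covers a manifest of checksums (the `Checksums-Sha256` field of a Debian `.changes` file), and each uploaded file is then checked against that manifest. The sketch below shows that second step as an added example; it is not part of the thread or Debian's own tooling. It assumes the manifest's signature has already been verified (for instance with gpg), and all file names and contents are constructed.

```python
import hashlib

# Constructed stand-ins for the files of one upload (not real packages).
FILES = {
    "hello_1.0-1_amd64.deb": b"constructed package bytes",
    "hello_1.0-1.dsc": b"constructed source description",
}

def build_manifest(files):
    """Build a constructed manifest body in Debian control-file layout."""
    lines = ["Source: hello", "Version: 1.0-1", "Checksums-Sha256:"]
    for name, data in files.items():
        lines.append(f" {hashlib.sha256(data).hexdigest()} {len(data)} {name}")
    lines.append("Urgency: low")  # a following field ends the checksum list
    return "\n".join(lines) + "\n"

def parse_sha256_field(manifest):
    """Return {filename: (hexdigest, size)} from the Checksums-Sha256 field."""
    entries, in_field = {}, False
    for line in manifest.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line.startswith(" "):
            digest, size, name = line.split()
            entries[name] = (digest, int(size))
        else:
            in_field = False
    return entries

def verify(manifest, files):
    """Check every listed file; also flag files the manifest never vouched for."""
    listed = parse_sha256_field(manifest)
    results = {}
    for name, (digest, size) in listed.items():
        data = files.get(name)
        if data is None:
            results[name] = "missing"
        elif len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            results[name] = "MISMATCH"
        else:
            results[name] = "ok"
    for name in files:
        results.setdefault(name, "unlisted")  # present but not covered
    return results

MANIFEST = build_manifest(FILES)

if __name__ == "__main__":
    print(verify(MANIFEST, FILES))
    tampered = dict(FILES, **{"hello_1.0-1_amd64.deb": b"constructed package bytez"})
    print(verify(MANIFEST, tampered))
```

A file that passes this check is only as trustworthy as the key that signed the manifest, which is the trust in maintainers the last reply describes.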