LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-15-2017, 07:31 PM   #1
pedros
Member
 
Registered: May 2017
Posts: 85

Rep: Reputation: Disabled
How can my work become a trusted source?


I wrote some bash script, then on a forum I asked for a peer review of it. Most of the response was that it had a security issue. But answers were vage about how to fix the problem. I feel intimitated by the response. Perhaps I asked the wrong questions in the wrong way? Can someone please read my post, and tell me what I did wrong?
http://forums.debian.net/viewtopic.php?f=10&t=133008
 
Old 05-15-2017, 07:41 PM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,891
Blog Entries: 13

Rep: Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944
Hi pedros and welcome to LQ!

How about instead you post your script here or in a thread under Programming and the members of LQ give you some recommendations.

Best Regards
 
Old 05-16-2017, 02:29 AM   #3
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015
I think you just insulted them a bit by violating the Debian policy. You should read it. But I think they got a bit carried away.
 
Old 05-16-2017, 04:13 AM   #4
ardvark71
LQ Veteran
 
Registered: Feb 2015
Location: USA
Distribution: Lubuntu 14.04, 22.04, Windows 8.1 and 10
Posts: 6,282
Blog Entries: 4

Rep: Reputation: 842Reputation: 842Reputation: 842Reputation: 842Reputation: 842Reputation: 842Reputation: 842
Quote:
Originally Posted by AwesomeMachine View Post
But I think they got a bit carried away.
I would agree.

@pedros: Hello and welcome to the forum

Regards...

Last edited by ardvark71; 05-16-2017 at 04:15 AM. Reason: Added greeting.
 
Old 05-16-2017, 08:44 AM   #5
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10
Posts: 10,342

Rep: Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242
yeah people do that sometime, get carried away --

It does not say what it is actually for, no comments to let anyone know what it is doing anywhere within that first 'install' script. I personally see no use for it even if I was running Debian. Most scripts are personal but some can be for others too. Again I have no idea what purpose it is to be used and what it is installing. Lack of documentation within the script.

I can see how someone else would and is getting a little worried about your script. All they see is
Code:
--allow-unauthenticated
which by the name to me means install anything that has not even been verified safe. Which can lead to security issues.

Last edited by BW-userx; 05-16-2017 at 08:49 AM.
 
Old 05-16-2017, 08:51 AM   #6
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,891
Blog Entries: 13

Rep: Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944
It's not clear to me that the members of that forum were particularly rude at all, they were asking for more information about what your question was, or what your intentions were. Yes, eventually things get close to rude, or seem that way. When a poster remains, sorry to say, "obtuse" with their intentions, against numerous requests back, this may be the unfortunate result.

It seems as if the members of that forum noted that this script was a compilation of existing example scripts from that forum, or your shell to run scripts from their tutorials scripts, and they were all asking what your points were as well as whether or not you were citing a problem with the script you did write.

A future suggestion is to post script source directly within a question thread, cite the sections where you'd like suggestions or are having problems and wish input for solutions.
 
Old 05-16-2017, 02:17 PM   #7
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053
^ one has to click on the links (that op posted, links to their own "website") and have a look at all that "content" to understand what the commotion is about.

OP should just have posted one script (and ask for help with it) instead of pointing people to their website and the dubious plans they have for it.

and yes, the general atmo is different at fdn, but even taking that into account, some really got carried away.

Last edited by ondoho; 05-16-2017 at 03:01 PM.
 
Old 05-16-2017, 02:33 PM   #8
floppy_stuttgart
Senior Member
 
Registered: Nov 2010
Location: EU mainland
Distribution: Debian like
Posts: 1,166
Blog Entries: 5

Rep: Reputation: 107Reputation: 107
Quote:
Originally Posted by pedros View Post
I wrote some bash script, then on a forum I asked for a peer review of it. Most of the response was that it had a security issue. But answers were vage about how to fix the problem. I feel intimitated by the response. Perhaps I asked the wrong questions in the wrong way? Can someone please read my post, and tell me what I did wrong?
http://forums.debian.net/viewtopic.php?f=10&t=133008
The way of communicating should change..
a) explaining here you feel bad in another place and asking us to confirm your bad feeling are real? this is like asking for cuddle here. You will not get much cuddles.. only solution for precise questions
b) when you ask a question, please be precise where we immediately see what proposal we can make (small): we are not here to do all checks and whole work. I experience this often: people putting a lot of data into excel files and asking me to confirm the whole data. my answer is often: "no, its your work and I dont give my absolution. What is the precise question and the clear clarification task I should do?"
Finally: I can help here. Explain to me your (small) problem and perhaps I will help if I know the solution or a part of it. I dont get money for helping here.
This is just my view.
 
Old 05-17-2017, 02:16 PM   #9
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,105

Rep: Reputation: 3638Reputation: 3638Reputation: 3638Reputation: 3638Reputation: 3638Reputation: 3638Reputation: 3638Reputation: 3638Reputation: 3638Reputation: 3638Reputation: 3638
They have their forum and maybe a way to correct how their members reply. Some forums are full of less than professional members. Not really LQ's concern however.

There were two issues they presented. One was if they would help you program. Two was some aspect of the work (they felt it was suspicious.)

Your question here asks a slightly different issue. That being how to become a trusted source. In a real sense, all work is un-trusted. Trusted only means there is some way to authenticate the data to some source. In apt you have a mechanism in place. https://wiki.debian.org/SecureApt However it is unlikely that your work would be placed in standard locations. You'd have to have users add your locations to their trust.

Last edited by jefro; 05-17-2017 at 02:19 PM.
 
Old 05-17-2017, 03:47 PM   #10
pedros
Member
 
Registered: May 2017
Posts: 85

Original Poster
Rep: Reputation: Disabled
Thank you all for your comments.

You have given me the answers that I was looking for in this post. I should make my questions more specific. I should explain why things are done. And here are my specific responses to each of your posts.

to rtmistler, Moderator. I accept your offer.
I could not find Programming, so I posted in software category, How to run this debian example?

to AwesomeMachine, Senior Member.
There is a package named debian-policy that does not discuss forum posting. You are probably refering to the page Forum guidelines
http://forums.debian.net/viewtopic.php?f=30&t=10653 It says Do not cross post. That was an honest mistake. I did not know my first post was moved to another category. It says make your question as clear as possible. I had several vague questions.

to BW-userx, Senior Member.
My writing style for the website was intended for someone to reproduce the result. When I redo the site, I will consider explaining why things are done.

to rtmistler, Moderator.
Thank you for pointing that out. My questions were vague, and I did not state my intentions.

to ondoho.
When I started this topic, I did not understand why people were so upset, but I suspected it had something to do with my site, so I did not post a link to it here. I did not realise people would be suspicious of visiting my site.

to floppy_stuttgart.
I posted here to get another viewpoint of the problem, and that stratagy gave very good results. I did get some solutons.

to jefro, Moderator.
I was told to NEVER run scripts from an untrusted source. So I assumed that I was being told to become a trusted source.
 
Old 05-18-2017, 11:36 AM   #11
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053
you did not address me as "LQ Addict"

(SCNR)
 
Old 05-18-2017, 11:55 AM   #12
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,891
Blog Entries: 13

Rep: Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944Reputation: 4944
Quote:
Originally Posted by pedros View Post
to rtmistler, Moderator. I accept your offer.
I could not find Programming, so I posted in software category, How to run this debian example?
I see your thread in Software and see that Shaow_7 has offered a possible solution. Recommend you follow-up with that suggestion and update in that thread if it solved your problem.

Does this resolve your questions for this thread? If so then suggest you mark this thread as Solved by using the thread tools.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LubuntuSoftwareCenter looses list of selected Software if 1item source not trusted holgetr Linux - Software 4 01-30-2013 10:49 PM
The software is not from a trusted source. clausawits Fedora 4 06-06-2011 09:02 PM
Trusted CA cipherus Linux - Security 5 01-06-2010 06:37 PM
School Work: Paper on Closed Source vs Open Source oswars General 2 04-06-2007 12:37 PM
Trusted system juno Linux - General 1 12-24-2002 05:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration