Also, for anyone wondering how easy it would be for some malcious idiot to infect a Linux box, ask how many people are now running Hula. Now, how many audited that code first? Now, how many had to run it as root to even get it to run? Now, how many people put it onto their box merely because it was released. Now, how many people, before installing it, knew what the fuck it even does? Remember: Linux is airtight, nothin’ll get in on one of those boxes, you don’t need to be careful, because you’re totally covered. Running a untested, unaudited network server as root? Spy/mal/adware? Bitch, please, it’s cool. We’ve got some no-exec patches compiled in and everything.
Probably right for dim people. Me, on the other hand, I ran it on my laptop, and it had no network connection while I was doing it. And then I stopped it before opening the network again. Perhaps it installed some spyware. I think it’s unlikely, frankly, because I trust Novell and I trust Nat Friedman, but perhaps Novell are interested in really really annoying their core community and installed some spyware on my machine. Then yep, I’ve been owned. On the other hand, as I have said before , bad programs don’t need to be root. How much safer would I be if I was running the software as my user account? It could still infect my apps; still hide itself all over the place. .gnome/AutoStart, an extension in Firefox, my .bashrc, my .bash_profile, my .xsession, my .xinitrc. In my Gnome configuration as an applet. Being root would allow it to install a few more places, but, like, whatever, man. Root stuff is less bad if I lose it than all the stuff that I can write as a user, because I can reconstitute all root-owned things with a quick blast from the Debian archives. That is, assuming that Debian haven’t decided to add spyware to my machine, just like Novell perhaps have. How are GPG keys going to affect that? How can we be snide about the problems of running Hula, from Novell, and not be equally snide about the problems of running Debian software?