Actually it’s just an archive. It can be easily extracted using dpkg -x *.deb ~/.local for example.
Software developer interested into security and sustainability.
- 0 Posts
- 6 Comments
Joined 2 years ago
Cake day: July 3rd, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
6·3 months agoTrue. Technically the bounds for the validity period are from Jan 1, 1950 to Dec 31, 9999.
It is the stream itself that is buffered, so the terminal does not handle the contents until the stream is flushed.
Eval is bad for security boundaries and the string based approach is a pain to develop and maintain. An alternative that is equally bad for security but better for development would be dynamic imports using importlib.
If you want to support custom scripts while enforcing security boundaries, you could use an embeddable interpreter like lua, or create your own.
You’re right, apparently amongst other things there are some hooks that are ran during the package’s lifecycle in something that is called the control archive.