Actually, yes. Because it’s just data. It might change system behaviors in annoying ways when programs read that data, but it’s just data.
Executing curl | sudo bash because docker said so, or some flavor of the week python packages manager says so, or because you want to run tailscale and your distro doesn’t have a package…any of those scenarios relies much much much much much more on trust and is a major security flaw in how applications are distributed on Linux.
Actually, yes. Because it’s just data. It might change system behaviors in annoying ways when programs read that data, but it’s just data.
Executing curl | sudo bash because docker said so, or some flavor of the week python packages manager says so, or because you want to run tailscale and your distro doesn’t have a package…any of those scenarios relies much much much much much more on trust and is a major security flaw in how applications are distributed on Linux.