Mercurial > octave-libtiff
changeset 20708:453fca9ae397
pkg: add warning about security implications when using -forge.
author | Carnë Draug <carandraug@octave.org> |
---|---|
date | Tue, 17 Nov 2015 17:57:33 +0000 |
parents | cd1bd06974d8 |
children | a2a99aaf680b |
files | scripts/pkg/pkg.m |
diffstat | 1 files changed, 6 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/scripts/pkg/pkg.m Mon Nov 16 21:27:40 2015 -0800 +++ b/scripts/pkg/pkg.m Tue Nov 17 17:57:33 2015 +0000 @@ -68,6 +68,12 @@ ## Install a package directly from the Octave-Forge repository. This ## requires an internet connection and the cURL library. ## +## @emph{Security risk}: no verification of the package is performed +## before the installation. There are no signature for packages, or +## checksums to confirm the correct file was downloaded. It has the +## same security issues as manually downloading the package from the +## Octave Forge repository and installing it. +## ## @item -verbose ## The package manager will print the output of all commands as ## they are performed.