Problem installing azureus

[Paul Howarth]

Dotan Cohen wrote:
> It's just that the OP mentioned that
> 
>>>when i run azureus installation from the terminal i get this
>>>[root at localhost azureus]# ./azureus
> 
> 
> Which to me looks like he is installing Azureus. So I didn't
> understand the point of mentioning not to run the program as root, as
> that was not what he was doing.

Well, an install would look to me more like "make install", but never 
having installed Azureus myself, this may well be how it's installed. I 
don't know.

> As a by-the-way, how am I to know who to trust when I install
> software? I have installed many things from sourceforge. Can I be
> certain to trust every author on sourceforge?

No, you can't. It is not unknown for attempts to be made to install 
backdoors in the source code for well-known projects. The Linux kernel 
itself and sendmail have seen such attempts, and there are probably many 
more examples.

 > Because I feel like if
> I'm downloading something, su, then running (installing) it, I am
> doing something unsafe.

You are. Ideally you'd review the code yourself but in most cases this 
is impractical. It's certainly good practise to check any signatures 
that are supplied by the author to verify the integrity of the source 
code, but that doesn't help you if the author has inserted the bad code 
himself. Another precaution might be to install only well-established 
software, which has built up a good reputation.

 > Not everything is available in yum.
> 
> For that matter, how to be sure that all which is included in yum is safe?

Again, you can't. You have to trust the packager as well as the original 
author. It boils down to how much you trust each repo.

Paul.