
Rene Rivera wrote:
Daryle Walker wrote:
I dislike the idea of executable-wrapped archives in general. You only have a creator's word that the file isn't actually a Trojan and/or infected with a virus. (Even a trustworthy creator may get overridden by a cracker's altered archives.)
That is true regardless of type of archive. The source archives are just as susceptible to tampering as the executable ones. And such tampering has occurred in other open source distributed material.
I believe what Daryle is getting at here is the fact that on one particular platform it is common practice to execute a downloaded file itself (or an attachment, or...) instead of using a trusted local executable to inspect the content of a downloaded file. It's certainly always a good idea to validate the integrity of an unknown file; however, it's much less dangerous if such files are passive data instead of executable code that could harm the whole machine.

Regards,
Stefan