Actually, yes. Because it’s just data. It might change system behaviors in annoying ways when programs read that data, but it’s just data.
Executing curl | sudo bash because docker said so, or some flavor of the week python packages manager says so, or because you want to run tailscale and your distro doesn’t have a package…any of those scenarios relies much much much much much more on trust and is a major security flaw in how applications are distributed on Linux.
Yeah, but regedit is a GUI. So it’s all cool and dandy.
Actually, yes. Because it’s just data. It might change system behaviors in annoying ways when programs read that data, but it’s just data.
Executing curl | sudo bash because docker said so, or some flavor of the week python packages manager says so, or because you want to run tailscale and your distro doesn’t have a package…any of those scenarios relies much much much much much more on trust and is a major security flaw in how applications are distributed on Linux.