Listaller Project

I theory it is possible to infect a system by executing a malicious IPK installation. But we have included some machanisms to get more security for IPK installations:

1. Standard IPK installations cannot override existing sytem files or delete files from your harddisk
2. IPKPatches, which can override files, need double authorisation by the user to be executed
3. Packages cannot load native RPM/DEB/TGZ/etc. packages from the net without user request
4. Listaller will always try to use packages from the distribution's repositories
5. You can execute applications in a "Testmode" to try their functionality
6. IPK packages cannot register update sources without user request

So, IPK installations aren't more dangerous than installing a native package. It is also planned to add a possibility to sign IPK packages with GnuPG to increase security.