der Mouse wrote:
The thing is, configure is an excellent place to hide a malicious
grappling hook: it is frequently run by naïve installers, not
uncommonly as root; by the nature of what it does, it is hard to
sandbox (for example, it *must* be able to compile and run new
programs); it is large and comparatively difficult to read over for
human verification.

Well, if you're such a paranoid freak about it, only compile in a
virtual machine. Or, roll your own Makefiles from scratch. Or read
through configure.in and generate your own configure script. Or all three.
Gordon