|Version 5 (modified by paulx@…, 6 years ago)|
Shepherd represents an increased security risk to your system compared to most programs because it auto-updates. That is, once installed it will by default download newer versions of itself and its components and run them. This is done because grabbers tend to be very fragile; that is, they usually break when the source web site changes, leaving users with incorrect or no guide data. To combat this, Shepherd automatically implements any fixes or improvements as the developers release them.
If you are not completely comfortable with Shepherd auto-updating, there are things you can do to reduce your security exposure.
Turn off auto-update
When run with the --noupdate option, Shepherd will simply grab data, and not download any new code. This makes the security risk of running Shepherd the same as running any other program.
The disadvantage, of course, is that if Shepherd breaks, you will need to detect this yourself, and fix it manually (e.g. run it with the --update option).
Please note that bugfixes and improvements to Shepherd and its components are made available very frequently, which tend to improve the quality, quantity, and reliability of the guide data acquired. If you usually run Shepherd with --noupdate, we recommend that you occasionally perform a manual --update in order to get these updates, even if your guide data seems fine.
Run as its own user
If you install and execute Shepherd as its own user, it will be unable to affect any other files on your system.
See also: Security for Debian Based Distributions.