So I was browsing the web the other day, and I came across a few places that wanted me to download .deb files - and since those are installed by root (and as such have the "powers" and capabilities of root), I wasn't sure about that.
Things to consider:
How well known is the site? For example, was it a random blog covered in ads, was it a random user on some forum, or was it a well known, respected site?
What does it claim to install? For example, does it claim to install a kernel or a iconset, but is it only 1MB big?
How "important" is it that you have the contents of this .deb?
Ways to test things securely:
I use arkose (its in the standard repos
) sandboxing with my debs (and other things) - use it something like this:
sudo arkose -n -c "cd $PWD; $SHELL"
What that does it give me a "sandbox" (otherwise known as "YAY I CAN SCREW UP!") with copy-on-write access to everything on my computer, including my home directory - so if the nasty nasty .deb does sudo rm -rf /*, I DON'T LOSE ANY DATA!
Another thing that isn't stressed enough is MAKE BACKUPS. Those are extremely helpful, and we have many questions on the topic.
In short, just make sure you think about it, and don't just download a random deb and install it.
