Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption

This news is already a week old, but it only got submitted to us today, and I didn't notice it at all. As it turns out, two malicious software packages had been uploaded to GNOME-Look.org, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
RE[2]: Audit packages
by strcpy on Thu 17th Dec 2009 07:22 UTC in reply to "RE: Audit packages"


I, personally, would maintain that it is better and easier (and far more thorough) to have the distribution's maintainers worry about auditing each package.


While I agree with you in that repositories are the way to go, I don't really believe the above is true. Package maintainers are just guys like you and me, with little time to audit packages. The constant flux of security updates is a testimony of this.

Score: 2