Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption
This news is already a week old, but it only got submitted to us today, and I didn't notice it at all. As it turns out, two malicious software packages had been uploaded to, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
RE[2]: Audit packages
by strcpy on Thu 17th Dec 2009 07:22 UTC in reply to "RE: Audit packages"

I, personally, would maintain that it is better and easier (and far more thorough) to have the distribution's maintainers worry about auditing each package.

While I agree with you in that repositories are the way to go, I don't really believe the above is true. Package maintainers are just guys like you and me, with little time to audit packages. The constant flux of security updates is a testimony of this.

Score: 2