Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption

This news is already a week old, but it only got submitted to us today, and I didn't notice it at all. As it turns out, two malicious software packages had been uploaded to, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Permalink for comment 400104
RE[4]: Audit packages
by strcpy on Thu 17th Dec 2009 15:01 UTC in reply to "RE[3]: Audit packages"

Sure. No big disagreements there.

Yet, the packagers seldom audit the actual source code from which the binary is packaged.

I believe, as you, that the "audits" you mention are generally sufficient enough to ensure that no malware gets through. But that is not to say that no security vulnerabilities wouldn't get through.

Edited 2009-12-17 15:02 UTC

Score: 2