Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption This news is already a week old, but it only got submitted to us today, and I didn't notice it all. As it turns out, two malicious software packages had been uploaded to GNOME-Look.org, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Permalink for comment 400111
To read all comments associated with this story, please click here.
RE[5]: Audit packages - Debian
by jabbotts on Thu 17th Dec 2009 15:29 UTC in reply to "RE[4]: Audit packages"
jabbotts
Member since:
2007-09-06

It depends on the distribution. I think most of the security research community would be impressed if you could get a malicious package through Debian's vetting stages and into stable back-ports or testing repositories.

Reply Parent Score: 2