Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption

This news is already a week old, but it only got submitted to us today, and I didn't notice it at all. As it turns out, two malicious software packages had been uploaded to, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Permalink for comment 400145
RE[2]: Bottom Line
by WorknMan on Thu 17th Dec 2009 18:21 UTC in reply to "RE: Bottom Line"

If anything, this incident just underlines the points: that one simply cannot trust downloading from websites, no matter how seemingly reputable; and that one should always use the package manager, and ONLY the package manager, to install applications and utilities for Linux systems.

In other words, if you had source code available for every Windows application you ran, and had eyes on that code that would package it for you, then Windows would probably be just as secure as Linux is.

Unfortunately, telling people that the only way to secure their systems is not to run any app whose source code hasn't been reviewed by a committee is just not very practical for a lot of folks, because it severely limits the apps you would be allowed to run. Not everything that is useful to me out in the wild is open source. If that wasn't the case, then those of us who use proprietary software wouldn't have to take the risk of downloading binaries from 3rd party websites and running them.

Score: 2