Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption
This news is already a week old, but it only got submitted to us today, and I didn't notice it all. As it turns out, two malicious software packages had been uploaded to, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Permalink for comment 400184
RE[4]: Bottom Line
by google_ninja on Thu 17th Dec 2009 22:33 UTC in reply to "RE[3]: Bottom Line"

In a general way I wasn't really arguing with you. My problem was "If you do this, you are safe". It's not that cut and dried. For example, Debian has an extensive testing, maintenance, and QA process they follow, with checks built in to the package manager to prevent tampering; Slackware is basically stuff pushed up to an FTP, and then mirrored out. I would trust Debian a heck of a lot more than Slack. (Not to say I wouldn't trust Slack, just that Debian has more focus on this, and is more than one guy.)

The same trust thing is true on Windows. If you download something anonymously off of an anonymous torrent site, I would have a very low level of trust. If you download something off of SourceForge, I would have a much higher level of trust, although significantly less than from Debian, and would probably verify the signature before installing it on a server. If I download something from I would actually hope to get a virus, since they would probably be willing to pay a lot of money to shut me up due to how much they have on the line ;-)

Too many people just want magic bullet solutions, and assume they are safe. It doesn't matter how many security products you have on Windows, whether or not you use Linux, or how you download your files. There is always a chance of bad things happening; it is all about doing things to lower the risk, and never just assuming you are safe.

Reply Parent Score: 2