Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption
This news is already a week old, but it only got submitted to us today, and I didn't notice it at all. As it turns out, two malicious software packages had been uploaded to GNOME-Look.org, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
PPA != Repository
by cyberpython on Wed 16th Dec 2009 22:58 UTC
cyberpython Member since: 2009-02-02

I think that what Thom means by the term PPA is the distribution's official repositories.
PPA stands for Personal Package Archive and I don't see the reason why someone cannot make available some malicious code (probably hidden inside an otherwise useful application) through their PPA.

Score: 2

RE: PPA != Repository
by lemur2 on Thu 17th Dec 2009 00:48 in reply to "PPA != Repository"
lemur2 Member since: 2007-02-17

"I think that what Thom means by the term PPA is the distribution's official repositories. PPA stands for Personal Package Archive and I don't see the reason why someone cannot make available some malicious code (probably hidden inside an otherwise useful application) through their PPA."


PPAs are not distribution repositories, they are outside of that system. Use them at your own risk, because they are not audited by anyone associated with your Linux distribution.

Being outside of the distribution means that PPAs are no more trustworthy than downloading a package using a web browser and installing it manually.

Edited 2009-12-17 01:02 UTC

Score: 3