Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption This news is already a week old, but it only got submitted to us today, and I didn't notice it all. As it turns out, two malicious software packages had been uploaded to, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Thread beginning with comment 400020
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: PPA != Repository
by lemur2 on Thu 17th Dec 2009 00:48 UTC in reply to "PPA != Repository"
Member since:

I think that what Thom means by the term PPA is the distribution's official repositories. PPA stands for Personal Package Archive and I don't see the reason why someone cannot make available some malicious code (probably hidden inside an otherwise useful application) through their PPA.

PPAs are not distribution repositories, they are outside of that system. Use them at your own risk, because they are not audited by anyone associated with your Linux distribution.

Being outside of the distribution means that PPAs are no more trustworthy than downloading a package using a web browser and installing it manually.

Edited 2009-12-17 01:02 UTC

Reply Parent Score: 3