Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption
This news is already a week old, but it only got submitted to us today, and I didn't notice it at all. As it turns out, two malicious software packages had been uploaded to, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Thread beginning with comment 400094
RE: eugh @
by vivainio on Thu 17th Dec 2009 13:33 UTC in reply to "eugh @"

This has nothing to do with repository systems, and 100% to do with trust.

Of course a repository system provides a degree of trust.

We actually need some kind of global "open source web of trust" system, and getting your key signed would require that:

- You are using your real name
- You have a social security number and an address
- You are living in a country where police can throw you in jail if needed

Score: 2