Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption This news is already a week old, but it only got submitted to us today, and I didn't notice it all. As it turns out, two malicious software packages had been uploaded to GNOME-Look.org, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Thread beginning with comment 400133
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Sooner or later
by irbis on Thu 17th Dec 2009 17:05 UTC in reply to "Sooner or later"
irbis
Member since:
2005-07-08

Personally, I think they should ban the upload of binary packages to such sites, they just cannot be trusted.

Maybe in theory, yes. But in real life many people would find compiling programs too difficult. On the other hand, it is true that on a theme site like Gnome-look, many themes don't even need packaging, but could be installed as non-binaries.

Other than that, cases like this should be good reminders for ordinary desktop Linux users not to install unknown third party packages so easily. But probably many Linux users already knew this quite well. I just hope that MS Windows users could see the light too, because many of them seem to install relatively unknown binaries from the net all the time. A case like this is rather big news in the Linux world, but all too often Windows users don't seem to care, and may install odd and maybe trojan-infected binaries like pirated software from who knows where, and may simply expect their antivirus and antispyware etc. programs to protect them even if they themselves do stupid things.

Edited 2009-12-17 17:23 UTC

Reply Parent Score: 2