Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC

Thread beginning with comment 430044
Member since: 2007-02-17
I don't know who was actually telling you that, but if they did they got the story wrong.
The method that distributions employ to provide a guaranteed malware-free set of packages involves not only inspection and testing of the source code as it is accepted into Linux distribution repositories, but it also involves GPG signing of packages and package managers on the users' computers to install packages.
None of the latter were involved in this UnrealIRCd incident. Being open source alone is not enough, and this incident highlights that fact very well indeed.
The only system with an impeccable record of delivery of malware-free software to end users' systems is open source software delivered via distribution repositories and package managers.
Edited 2010-06-15 02:59 UTC