Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430067
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Comment by lemur2
by Lennie on Tue 15th Jun 2010 07:49 UTC in reply to "RE[2]: Comment by lemur2"
Lennie
Member since:
2007-09-22

The problem with ppa is, who is behind the ppa/gpg-key ?

Yes, you can prove which lauchpad user it was, but that is about it (just like any other piece of software you download of the internet).

Atleast with a direct distribution-channel, you have a change more people have looked at it before it went in to a release.

Reply Parent Score: 2

RE[4]: Comment by lemur2
by lemur2 on Tue 15th Jun 2010 10:29 in reply to "RE[3]: Comment by lemur2"
lemur2 Member since:
2007-02-17

The problem with ppa is, who is behind the ppa/gpg-key ?


It is sent via a key server, and AFAIK that is itself an installation signed by Ubuntu's repository key.

Your key isn't just generated by yourself, you have to get "cred" for your key in order for it to get on a key server.

http://en.wikipedia.org/wiki/Key_signing_party

Reply Parent Score: 2

jabbotts Member since:
2007-09-06

There was a huge shipment of Windows boxed copies on it's way to retail stores that got stopped by police a few years back. All counterfeit and riddled with malware. You can't even trust hardcopy distribution these days.. eesh..

Reply Parent Score: 2

Lennie Member since:
2007-09-22

WIth direct distribution channel I meant the Linux-distributions. :-)

Atleast you can md5 the iso before installing.

Reply Parent Score: 2