Re: [PLUG] trusting linux packages

Drew Lehman on 10 Dec 2009 08:44:57 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] trusting linux packages

From: Drew Lehman <dlehman@digitatech.com>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: Re: [PLUG] trusting linux packages

Date: Thu, 10 Dec 2009 11:44:43 -0500

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

Once Linux becomes more mainstream and non-techie people demand more, this scenario is much more likely to happen. Imagine what will happen when people can't get what they want from the central repositories. I don't think most people will consider the security issues and will simply add new repositories under the instructions of some odd website. This could lead to a rash of malware under Linux. Chad Waters wrote: > http://theravingrick.blogspot.com/2009/12/and-so-it-begins.html > > Someone uploaded a malicious script hidden in a deb purported to be a > screensaver at gnome-look.org > > Its a different scenario, but this is why I cringe when I see a > sources.list with 10 random unofficial repositories. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

References:

[PLUG] trusting linux packages
From: Chad Waters <chad@chadwaters.com>

Prev by Date: Re: [PLUG] LVM partition re-arrangement?

Next by Date: Re: [PLUG] trusting linux packages

Previous by thread: Re: [PLUG] trusting linux packages

Next by thread: [PLUG] USENIX WebApps '10 Submissions Deadline Approaching

Index(es):

Date

Thread