[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: leaks in our only-signed-software fortress

Am 18.02.2012 13:14, schrieb Benjamin Drung:
This is no problem for us, because the malware was distributed on some untrustworthy websites. We, as packagers, get the code directly from the
Videolan project.

So you meet them once in person and exchanged some kind of PKI/shared secret etc? That's great then of course and the ideal case of securely getting the sources as a maintainer :-)

But I guess only a small fraction of our packages have such a secure trust path to their upstream.


Reply to: