Re: Bug#726393: general: Possible malware infections in source packages
On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George <firstname.lastname@example.org>
>> Some of the source packages were caught on a gateway anti-virus scanner while
>Using a gateway anti-virus scanner for downloads from the Debian archive
>seems a bit inappropriate, well, paranoid. Checking the signed hashsums
>would seem a lot better to verify the downloads; if Debian's
>infrastructure were compromised so viruses could get in *and* be signed,
>we and you have other problems.
In many organisations it would be a _huge_ hassle to be allowed to
Download Debian packages directly while bypassing the gateway scanner.
It might even lead to a knee-jerk reaction like "This Debian thingy
keeps setting off our security alerts, let's ban it and use a
supported enterprise distro".
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834