
Re: Bug#726393: general: Possible malware infections in source packages



On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote:
> On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George <nik@naturalnet.de>
> wrote:
> >> Some of the source packages were caught on a gateway anti-virus scanner while
> >> downloading.
> >
> >Using a gateway anti-virus scanner for downloads from the Debian archive
> >seems a bit inappropriate, well, paranoid. Checking the signed hashsums
> >would seem a lot better to verify the downloads; if Debian's
> >infrastructure were compromised so viruses could get in *and* be signed,
> >we and you have other problems.
> 
> In many organisations it would be a _huge_ hassle to be allowed to
> download Debian packages directly while bypassing the gateway scanner.
> It might even lead to a knee-jerk reaction like "This Debian thingy
> keeps setting off our security alerts, let's ban it and use a
> supported enterprise distro".
> 
> Greetings
> Marc
> -- 
> -------------------------------------- !! No courtesy copies, please !! -----
> Marc Haber         |   " Questions are the         | Mailadresse im Header
> Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
> Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
> 
> 

You have _NO_ idea just how close to the truth you are - but even enterprise distributions
trigger anti-virus programs. Pretty much all false positives, but still ..

All the best,

AndyC

