[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#726393: general: Possible malware infections in source packages

On Wed, 16 Oct 2013 20:17:53 +0000, "Andrew M.A. Cater"
<amacater@galactic.demon.co.uk> wrote:
>On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote:
>> On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George <nik@naturalnet.de>
>> wrote:
>> >> Some of the source packages were caught on a gateway anti-virus scanner while
>> >> downloading.
>> >
>> >Using a gateway anti-virus scanner for downloads from the Debian archive
>> >seems a bit inappropriate, well, paranoid. Checking the signed hashsums
>> >would seem a lot better to verify the downloads; if Debian's
>> >infrastructure were compromised so viruses could get in *and* be signed,
>> >we and you have other problems.
>> In many organisations it would be a _huge_ hassle to be allowed to
>> Download Debian packages directly while bypassing the gateway scanner.
>> It might even lead to a knee-jerk reaction like "This Debian thingy
>> keeps setting off our security alerts, let's ban it and use a
>> supported enterprise distro".
>You have _NO_ idea just how close to the truth you are

I think I know.

>- but even enterprise distributions
>trigger anti-virus programs. Pretty much all false positives, but still ..

Yes, but that's enterprise software with support that we have paid
$AMOUNT of $CURRENCY for. That can't be bad, or our decision would be
wrong, which is not possible with regard to the career of the people
who had taken that decision.

-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Reply to: