
Re: Bug#726393: general: Possible malware infections in source packages



On Wed, 16 Oct 2013 20:17:53 +0000, "Andrew M.A. Cater"
<amacater@galactic.demon.co.uk> wrote:
>On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote:
>> On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George <nik@naturalnet.de>
>> wrote:
>> >> Some of the source packages were caught on a gateway anti-virus scanner while
>> >> downloading.
>> >
>> >Using a gateway anti-virus scanner for downloads from the Debian archive
>> >seems a bit inappropriate, well, paranoid. Checking the signed hashsums
>> >would seem a lot better to verify the downloads; if Debian's
>> >infrastructure were compromised so viruses could get in *and* be signed,
>> >we and you have other problems.
>> 
>> In many organisations it would be a _huge_ hassle to be allowed to
>> download Debian packages directly while bypassing the gateway scanner.
>> It might even lead to a knee-jerk reaction like "This Debian thingy
>> keeps setting off our security alerts, let's ban it and use a
>> supported enterprise distro".
>
>You have _NO_ idea just how close to the truth you are

I think I know.

>- but even enterprise distributions
>trigger anti-virus programs. Pretty much all false positives, but still ..

Yes, but that's enterprise software with support that we have paid
$AMOUNT of $CURRENCY for. That can't be bad, or our decision would be
wrong, which is not possible with regard to the career of the people
who had taken that decision.

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

