Re: Does Debian need to enforce a better Security policy for packages?
Michael Robinson <email@example.com> writes:
> FreeBSD does it for their ports tree. In fact, this has been a
> matter of controversy, as the FreeBSD team issues a huge number of
> security advisories for software that really has nothing to do with
> FreeBSD. This has caused casual observers to erroneously believe
> FreeBSD is less secure than other less carefully managed operating
> system projects.
I believe this would not be reasonable for the Debian distribution,
but you could create a customized and secure Debian version where you
do a source code audit before accepting any package. Or maybe it could
be done with another APT tree?
Well, just my 2 cents.