Compromising Debian Repositories

I was reading this [1] article and it brought a question to my mind: How hard would it be for the FBI or the NSA or the CIA to have a couple of agents infiltrated as package maintainers and seeding compromised packages to the official repositories?

Could they submit an uncompromised source and keep a small patch that they apply before building and sending it to the repository? Or is the building process done on Debian servers?

1: http://online.wsj.com/article_email/SB10001424127887323997004578641993388259674-lMyQjAxMTAzMDAwMTEwNDEyWj.html

PS: I am not subscribed to this list, please keep my address in copy

