[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Compromising Debian Repositories

Quoting Volker Birk (vb@pibit.ch):

> Really?
> How do you detect, if maintainer's patches contain backdoors? If I would
> want to attack Debian, I would try to become the maintainer of one of
> the most harmless, most used packages. And believe me, you wouldn't see
> at the first glance, that this source code patch is containing a
> backdoor....

Indeed, this whole line of query (from someone who cannot even bother to
read debian-legal and wants to be CCed; no thanks) is basically pretty
dumb and can be avoided by reading Ken Thompsen's 'Reflections on
Trusting Trust', contemplating the nature of the accountability and
tracking facilitated by the Debian maintainer process (and its design
limits), and, y'know, bothering to think a bit.

Reply to: