
Re: Compromising Debian Repositories



On 08/03/13 13:36, Rick Moen wrote:
> Quoting Volker Birk (vb@pibit.ch):
> 
>> Really?
>>
>> How do you detect if a maintainer's patches contain backdoors? If I
>> wanted to attack Debian, I would try to become the maintainer of one of
>> the most harmless, most used packages. And believe me, you wouldn't see
>> at first glance that this source code patch contains a
>> backdoor....
> 
> Indeed, this whole line of query (from someone who cannot even bother to
> read debian-legal and wants to be CCed; no thanks) is basically pretty
> dumb and can be avoided by reading Ken Thompson's 'Reflections on
> Trusting Trust', contemplating the nature of the accountability and
> tracking facilitated by the Debian maintainer process (and its design
> limits), and, y'know, bothering to think a bit.

I'm not sure that hostility is warranted.

It still sparked a discussion, and it's definitely interesting to think
about.

-R

