Re: Compromising Debian Repositories
On 08/03/13 13:36, Rick Moen wrote:
> Quoting Volker Birk (vb@pibit.ch):
>
>> Really?
>>
>> How do you detect, if maintainer's patches contain backdoors? If I would
>> want to attack Debian, I would try to become the maintainer of one of
>> the most harmless, most used packages. And believe me, you wouldn't see
>> at the first glance, that this source code patch is containing a
>> backdoor....
>
> Indeed, this whole line of query (from someone who cannot even bother to
> read debian-legal and wants to be CCed; no thanks) is basically pretty
> dumb and can be avoided by reading Ken Thompson's 'Reflections on
> Trusting Trust', contemplating the nature of the accountability and
> tracking facilitated by the Debian maintainer process (and its design
> limits), and, y'know, bothering to think a bit.
I'm not sure that hostility is warranted.
It still sparked a discussion, and it's definitely interesting to think
about.
-R