Re: Compromising Debian Repositories
On Sat, 03 Aug 2013, Volker Birk wrote:
> On Sat, Aug 03, 2013 at 08:46:53PM +1000, Aníbal Monsalve Salazar wrote:
> > On Sat, Aug 03, 2013 at 12:17:06PM +0200, Volker Birk wrote:
> > > Not to mention the build tool chains.
> > It reminds me of Ken Thompson's article Reflections on Trusting Trust.
> Yes, that's what I'm alluding to. For attacking Debian, being a
> maintainer of say, binutils or gcc would be best. But hey, there are
You'd just go upstream, and attack all distros at once. It is actually
safer that way.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot