
Re: Compromising Debian Repositories



Robert Tomsick:
> On 08/03/13 13:36, Rick Moen wrote:
>> Quoting Volker Birk (vb@pibit.ch):
>>
>>> Really?
>>>
>>> How do you detect if a maintainer's patches contain backdoors? If I
>>> wanted to attack Debian, I would try to become the maintainer of one of
>>> the most harmless, most used packages. And believe me, you wouldn't see
>>> at first glance that this source code patch contains a
>>> backdoor....
>>
>> Indeed, this whole line of query (from someone who cannot even bother to
>> read debian-legal and wants to be CCed; no thanks) is basically pretty
>> dumb and can be avoided by reading Ken Thompson's 'Reflections on
>> Trusting Trust', contemplating the nature of the accountability and
>> tracking facilitated by the Debian maintainer process (and its design
>> limits), and, y'know, bothering to think a bit.
> 
> I'm not sure that hostility is warranted.
> 
> It still sparked a discussion, and it's definitely interesting to think
> about.

Yes, I also think the original poster should sign up until this
discussion has ended. Wasn't the most friendly act someone ever made. He
could have just read the mailing list archive. Anyhow...

I am happy the topic came up and it's being discussed, no matter who
started it.

