On 02/15/2009 01:11 PM, T o n g wrote:
> On Sun, 15 Feb 2009 13:25:35 -0500, H.S. wrote:
>
>> In the last some weeks I recall reading in one of the mailing lists that it is just a matter of popularity that we are not seeing bad intentioned debs or rpms on the internet. If Debian/Ubuntu/Fedora were to become sufficiently popular, the claim is that it would be just as easy and popular to infect these OSes by making a user install something like NakedBrittany.deb as is now the case with Windows users.
>
> Don't know where you get it from, but seems to me the person who
> made such claims is a clueless Linux newbie himself. Debian have
> package signature signing and checking years ago, even for
> non-official repos.

*Maybe* not on Debian, since Debian users *tend* to be more sophisticated, but what's to stop Joe Wannabe from doing this?

$ sudo dpkg -i NakedBrittany.deb

Anyway, twice in the past few years, Debian servers have been compromised. One time it was thru a weak DD user password, and the other thru a poorly-working (official) Debian patch to ssh. (Or was it SSL?) That last one caused more than a minor ruckus.

--
Ron Johnson, Jr.
Jefferson LA USA

Supporting World Peace Through Nuclear Pacification
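
An added example, not part of the thread: the two posts above turn on the difference between installing from a signed repository and running `dpkg -i` on a downloaded file. apt checks the signature on the repository's Release file, which pins the hash of the Packages index, which in turn pins the SHA256 of each .deb; a bare `dpkg -i` performs none of that. The sketch below applies the last link of that chain to a local file. It assumes the Packages index has already been authenticated; the function names and the fixture files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Package data below is constructed.

# Print the SHA256 that a Packages index records for PACKAGE at VERSION.
index_sha256() {  # index_sha256 PACKAGES_FILE PACKAGE VERSION
    awk -v pkg="$2" -v ver="$3" '
        BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one stanza per record
        {
            p = v = h = ""
            for (i = 1; i <= NF; i++) {
                if      ($i ~ /^Package: /) p = substr($i, 10)
                else if ($i ~ /^Version: /) v = substr($i, 10)
                else if ($i ~ /^SHA256: /)  h = substr($i, 9)
            }
            if (p == pkg && v == ver) { print h; exit }
        }' "$1"
}

# Return 0 only when DEB hashes to the value the index records.
verify_deb() {  # verify_deb PACKAGES_FILE DEB PACKAGE VERSION
    want=$(index_sha256 "$1" "$3" "$4")
    [ -n "$want" ] || { echo "REFUSE: $3 $4 is not in the index" >&2; return 2; }
    got=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "REFUSE: $2 does not match the index" >&2; return 1; }
    echo "OK: $2 matches the index entry for $3 $4"
}

# Constructed fixture: a stand-in file (not a real .deb), an index entry for it,
# and a second file claiming the same package and version with other content.
make_fixture() {  # make_fixture DIR
    printf 'constructed package payload\n' > "$1/hello_1.0_all.deb"
    printf 'constructed package payload + extra\n' > "$1/tampered_hello_1.0_all.deb"
    {
        printf 'Package: other\nVersion: 2.0\nSHA256: %064d\n\n' 0
        printf 'Package: hello\nVersion: 1.0\nFilename: pool/main/h/hello/hello_1.0_all.deb\n'
        printf 'SHA256: %s\n' "$(sha256sum "$1/hello_1.0_all.deb" | cut -d' ' -f1)"
    } > "$1/Packages"
}

dir=$(mktemp -d)
make_fixture "$dir"
verify_deb "$dir/Packages" "$dir/hello_1.0_all.deb" hello 1.0
verify_deb "$dir/Packages" "$dir/tampered_hello_1.0_all.deb" hello 1.0 || true
rm -rf "$dir"
```

A file that fails this check, or that has no entry in any authenticated index, carries no assurance from the repository's signature regardless of its name.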