[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#413070: notes on security

Quoting Jari Aalto <jari.aalto@cante.net>:
I think you refer to tar.gz etc. sources that are available from Web
pages. In this case the sources are fetched from Bazaar version control
repository hosted by launchpad.net. The repository's integrity isn't
compromized while the cloning, the download, happends.

If you have more information about bzr version control repository
breaches or their lack of security, please let me know.
Not sure how the source for the code would improve security?
I mean regardless of whether you download a tgz or something from VCS,... this means, that without additional checking, installation of a debian package introduces unverified code, or not?


This message was sent using IMP, the Internet Messaging Program.

Reply to: