On 02/15/2009 01:11 PM, T o n g wrote:
> On Sun, 15 Feb 2009 13:25:35 -0500, H.S. wrote:
>> In the last some weeks I recall reading in one of the mailing lists that
>> it is just a matter of popularity that we are not seeing bad intentioned
>> debs or rpms on the internet. If Debian/Ubuntu/Fedora were to become
>> sufficiently popular, the claim is that it would be just as easy and
>> popular to infect these OSes by making a user install something like
>> NakedBrittany.deb as is now the case with Windows users.
>
> Don't know where you get it from, but seem to me the person who
> made such claims is a clueless Linux newbie himself. Debian have
> package signature signing and checking years ago, even for
> non-official repos.

*Maybe* not on Debian, since Debian users *tend* to be more
sophisticated, but what's to stop Joe Wannabe from doing this?

$ sudo dpkg -i NakedBrittany.deb

Anyway, twice in the past few years, Debian servers have been
compromised. One time it was thru a weak DD user password, and the
other thru a poorly-working (official) Debian patch to ssh. (Or was
it SSL?) That last one caused more than a minor ruckus.
--
Ron Johnson, Jr.
Jefferson LA USA
Supporting World Peace Through Nuclear Pacification