Re: [arch-general] Integrating Virus Scanning for Packages Handled by Pacman (Mark Lee)

2013-04-25 Thread Simon Gomizelj
Packages are signed, unless they're infected at the source, you can't attach/embed malware in them en route to your machine. Upstream could insert much more insidious things into a package than malware. Scanning for malware is only going to help you find known pieces of malware with known signature

Re: [arch-general] Integrating Virus Scanning for Packages Handled by Pacman (Mark Lee)

2013-04-25 Thread Ralf Mardorf
On Wed, 2013-04-24 at 13:47 -0400, Mark E. Lee wrote:
> As seen by some malignant Android apps, trust in the
> developer/maintainer does not always work

IMO this is an improper comparison. The Android community is completely different to the Linux, BSD etc. communities. You might call Android a Li

Re: [arch-general] Integrating Virus Scanning for Packages Handled by Pacman (Mark Lee)

2013-04-25 Thread Martti Kühne
No. There is package signing now. You already verify that the guy who put his package on the repo is the guy you trust as your binary source. How do you know? Because you could build the exact same binary with an archlinux source package and current devtools. The unholy mess gcc is is entrusted wi

Re: [arch-general] Integrating Virus Scanning for Packages Handled by Pacman (Mark Lee)

2013-04-25 Thread Chris Down
On 2013-04-24 13:47, Mark E. Lee wrote:
> As seen by some malignant Android apps, trust in the
> developer/maintainer does not always work towards the goals of the end
> users. Packages downloaded from the main repos or built from the AUR
> should be scanned for both windows and linux malware to en

Re: [arch-general] Integrating Virus Scanning for Packages Handled by Pacman (Mark Lee)

2013-04-24 Thread Mark E. Lee
On Wed, 2013-04-24 at 12:57 -0400, arch-general-requ...@archlinux.org wrote:
> On Tuesday, April 23, 2013 06:56:56 PM Daniel Micay wrote:
> > On Tue, Apr 23, 2013 at 1:10 PM, Mark E. Lee wrote:
> > > While building packages on the AUR, I was wondering that except for
> > > manual user interven