D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Linux Trojan Raises Malware Concerns - might be of interest

 

El lun, 14-06-2010 a las 12:52 +0100, Gordon Henderson escribiÃ:
> On Mon, 14 Jun 2010, Juan J. MartÃnez wrote:
> 
> > I verify the sources integrity before installing, because it's easier
> > than review the source code looking for backdoors ;)
> 
> Reviewing source code for backdoors is pretty pointless anyway ...

It was a joke (notice the ";)" at the end of the sentence) :)

Anyway, at the end you have to trust in the community.

Does anybody remember this?

http://lists.debian.org/debian-security-announce/2008/msg00152.html

Debian openssl package was generating weak keys for two years just
because someone put the wrong compilation flag (or something like that,
I don't remember exactly).

Said that, at least we should use the available tools to avoid malicious
modification of the packages!

Cheers,

Juanjo

-- 
jjm's home: http://www.usebox.net/jjm/
blackshell: http://blackshell.usebox.net/
 ramble on: http://rambleon.usebox.net/


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html