On 17/04/2022 19:26, Satvik Sinha wrote:
> Hi, guys and Good Day! So in recent days, it was observed that many open
> source contributors vandalised their or someone else's project's
> reputation to show agendas of Russia-Ukraine war, Some even vandalised
> their project to destroy system in Russia and Belarus (Node-ipc being
> one of them) that affected many people and their trust on open-source
> software. So I wanted to ask How safe is Debian doing right now and how
> will you guys prevent contributors pushing such malicious code into your
> software and how will you detect a software getting vandalised to show
> Anti-war agenda by abusing your OS's reputation?

If there are backdoors in Debian then they are harder to detect. Large intelligence agencies aim for plausible deniability. Look at the infamous OpenSSL vulnerability[1].

After investing so much time planting agents and backdoors in Debian, they will not want to blow their cover by doing something so brash.

There has recently been evidence on Debian Community News about some cases, for example:

Paul Tagliamonte and Sam Hartman and their Pentagon connections, with photos

Jonathan Wiltshire and Chris Lamb having GCHQ proximity, with a map

There are approximately 1000 Debian Developers and when one of us makes an upload, there is no obligation for somebody else to check it.

On the other hand, there is a period of days or weeks before new uploads can propagate to stable systems. This may make it more robust if you only use stable.

debian-proj...@lists.debian.org is now being censored to stop discussions like this about Debian integrity.

Regards,

Daniel

1. https://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/

--
Debian Developer
https://danielpocock.com