I was reading this [1] article and it brought a question do my mind: How hard would it be for the FBI or the NSA or the CIA to have a couple of agents infiltrated as package mantainers and seeding compromised packages to the official repositories?
Could they submit an uncompromised source and keep a small patch that they apply before building and sending it to the repository? Or is the building process done on Debian servers? 1: http://online.wsj.com/article_email/SB10001424127887323997004578641993388259674-lMyQjAxMTAzMDAwMTEwNDEyWj.html PS: I am not subscribed to this list, please keep my address in copy
