On Tue, Nov 19, 2019 at 7:30 PM Georgi Guninski wrote:
> * What do linux vendors to avoid malicious packages?
Some folks do audits of changes to upstream code, some folks run
static analysis tools on upstream code.
> * As end user what can I do to mitigate malicious packages?
Compartmentalise y
Anyone using this yet?
I would speculate, not many are using it. It needs step by step
instructions. Otherwise, most users are lost at hello.
> Things debcheckroot does not check at the moment are the initrd and
the MBR (master boot record). You may unpack the initrd by hand and
check the files c
As end user and contributor of gnu/linux, I am concerned about malicious
packages (either hostile developers or hacked developers or another reason)
and have two questions:
* What do linux vendors to avoid malicious packages?
* As end user what can I do to mitigate malicious packages?
Some thoug
3 matches
Mail list logo