Re: Unofficial binary Debian packages considered insecure?

2004-05-31 Thread Osamu Aoki
On Sat, May 29, 2004 at 07:33:53AM -0500, John Hasler wrote: Brian Nelson writes: It's the reason why Debian has a maintainer application process, requires new maintainer gpg keys to be signed by existing developers, and requires all uploads to be gpg signed by a key in the Debian keyring.

Re: Unofficial binary Debian packages considered insecure?

2004-05-29 Thread John Hasler
Brian Nelson writes: It's the reason why Debian has a maintainer application process, requires new maintainer gpg keys to be signed by existing developers, and requires all uploads to be gpg signed by a key in the Debian keyring. So use only backports done by Debian maintainers. -- John

Unofficial binary Debian packages considered insecure?

2004-05-28 Thread Niels L. Ellegaard
I have been looking at a few of the sites that offer unofficial debian packages, and I am somewhat confused about the security issues. I am not a great Linux guru, so I wonder how easy it would be to hide a rootkit in a binary package and submit it to apt-get.org or backports.org. Is this a

Re: Unofficial binary Debian packages considered insecure?

2004-05-28 Thread Osamu Aoki
On Fri, May 28, 2004 at 09:57:33PM +0200, Niels L. Ellegaard wrote: I have been looking at a few of the sites that offer unofficial debian packages, and I am somewhat confused about the security issues. I am not a great Linux guru, so I wonder how easy it would be to hide a rootkit in a

Re: Unofficial binary Debian packages considered insecure?

2004-05-28 Thread Brian Nelson
Niels L. Ellegaard writes: I have been looking at a few of the sites that offer unofficial debian packages, and I am somewhat confused about the security issues. I am not a great Linux guru, so I wonder how easy it would be to hide a rootkit in a binary package and

Re: Unofficial binary Debian packages considered insecure?

2004-05-28 Thread Paul Johnson
Niels L. Ellegaard writes: I have been looking at a few of the sites that offer unofficial debian packages, and I am somewhat confused about the security issues. And that's a healthy attitude to take with unofficial packages (or even official ones if you run sid, which

Re: Unofficial binary Debian packages considered insecure?

2004-05-28 Thread Paul Johnson
Brian Nelson writes: It's the reason why Debian has a maintainer application process, requires new maintainer gpg keys to be signed by existing developers, and requires all uploads to be gpg signed by a key in the Debian keyring. Of course this doesn't prevent a Debian