On Tue, 2015-06-16 at 00:49 -0400, Michael Gilbert wrote: > Barring the obtusely incorrect rootkit miscategorization
Well, as I've said,.. no one can really tell what it is, since it's a blob,... and even if one would assume that someone could correctly reverse engineer it, or reproducibly build it from public sources, there's absolutely no guarantee that malicious software might have been just distributed to selected people. > oss-sec is a > far better venue for discussion since Debian is not the only > distribution that includes chromium 43 . I don't see how that would practically ever change something at the Debian level; this seems rather like simply pushing away and unpleasant issue. And just because all other distros ship software which injects possibly malicious blobs, we don't have to do the same. Anyway, I haven't said that banning such software from Debian would be the only solution... but at least these incidents come far too frequent recently, so apparently something needs to be done at Debian level to pro-actively prevent future cases/compromises like this. And there's still no single sign of properly visible announcements to user what might have happened here. :( Chris.
smime.p7s
Description: S/MIME cryptographic signature
