Am 18.02.2012 13:14, schrieb Benjamin Drung:
This is no problem for us, because the malware was distributed on
some
untrustworthy websites. We, as packagers, get the code directly from
the
Videolan project.
So you meet them once in person and exchanged some kind of PKI/shared
secret etc?
That's great then of course and the ideal case of securely getting the
sources as a maintainer :-)
But I guess only a small fraction of our packages have such a secure
trust path to their upstream.
Chris.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
