Oh On Mon, 18 Apr 2022, 00:00 Daniel Pocock, <dan...@pocock.pro> wrote:
>
> On 17/04/2022 19:26, Satvik Sinha wrote:
> > Hi, guys and Good Day! So in recent days, it was observed that many open
> > source contributors vandalised their or someone else's project's
> > reputation to show agendas of Russia-Ukraine war. Some even vandalised
> > their project to destroy system in Russia and Belarus (Node-ipc being
> > one of them) that affected many people and their trust on open-source
> > software. So I wanted to ask how safe is Debian doing right now and how
> > will you guys prevent contributors pushing such malicious code into your
> > software and how will you detect a software getting vandalised to show
> > Anti-war agenda by abusing your OS's reputation?
>
> If there are backdoors in Debian then they are harder to detect. Large
> intelligence agencies aim for plausible deniability. Look at the
> infamous OpenSSL vulnerability[1]. After investing so much time
> planting agents and backdoors in Debian, they will not want to blow
> their cover by doing something so brash.
>
> There has recently been evidence on Debian Community News about some
> cases, for example:
>
> Paul Tagliamonte and Sam Hartman and their Pentagon connections, with
> photos
>
> Jonathan Wiltshire and Chris Lamb having GCHQ proximity, with a map
>
> There are approximately 1000 Debian Developers and when one of us makes
> an upload, there is no obligation for somebody else to check it. On the
> other hand, there is a period of days or weeks before new uploads can
> propagate to stable systems. This may make it more robust if you only
> use stable.
>
> debian-proj...@lists.debian.org is now being censored to stop
> discussions like this about Debian integrity.
>
> Regards,
>
> Daniel
>
> 1. https://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/
>
> --
> Debian Developer
> https://danielpocock.com
>