Quoting Volker Birk (v...@pibit.ch): > Really? > > How do you detect, if maintainer's patches contain backdoors? If I would > want to attack Debian, I would try to become the maintainer of one of > the most harmless, most used packages. And believe me, you wouldn't see > at the first glance, that this source code patch is containing a > backdoor....
Indeed, this whole line of query (from someone who cannot even bother to read debian-legal and wants to be CCed; no thanks) is basically pretty dumb and can be avoided by reading Ken Thompsen's 'Reflections on Trusting Trust', contemplating the nature of the accountability and tracking facilitated by the Debian maintainer process (and its design limits), and, y'know, bothering to think a bit. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130803173616.go20...@linuxmafia.com
