Ron Johnson wrote:
>
> *Maybe* not on Debian, since Debian users *tend* to be more

Yup, I agree.

> sophisticated, but what's to stop Joe Wannabe from doing this?
>
> $ sudo dpkg -i NakedBrittany.deb

This is more likely since some of the present day popular packages are commonly downloaded as debs and installed (Skype, brand new versions of Openoffice.org). To me, it looks like the only viable solution is to go for only open source stuff which is hosted on the distro's official mirrors (Debian, Ubuntu) where the packages are signed. Any departure from this is just inviting Average Joe to cause trouble.

>
> Anyway, twice in the past few years, Debian servers have been
> compromised. One time it was thru a weak DD user password, and the
> other thru a poorly-working (official) Debian patch to ssh. (Or was it
> SSL?) That last one caused more than a minor ruckus.
>

It was SSL. I think it is described here:
http://www.debian.org/security/2008/dsa-1571

--
Please reply to this list only. I read this list on its corresponding newsgroup on gmane.org. Replies sent to my email address are just filtered to a folder in my mailbox and get periodically deleted without ever having been read.