Path: csiph.com!newsfeed.xs4all.nl!newsfeed9.news.xs4all.nl!bofh.it!news.nic.it!robomod From: Stephan =?ISO-8859-1?Q?Verb=FCcheln?= Newsgroups: linux.debian.devel,linux.debian.project,linux.debian.security Subject: Re: Concerns about Security of packages in Debain OS and the Operating system itself. Date: Mon, 18 Apr 2022 19:50:01 +0200 Message-ID: References: X-Original-To: debian-devel@lists.debian.org, debian-project@lists.debian.org, debian-security@lists.debian.org X-Mailbox-Line: From debian-devel-request@lists.debian.org Mon Apr 18 17:42:06 2022 Old-Return-Path: X-Amavis-Spam-Status: No, score=-8.871 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, LDO_WHITELIST=-5, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SARE_MSGID_LONG40=0.637, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no X-Policyd-Weight: using cached result; rate: -5.5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailing-List: archive/latest/351921 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/7f84732efbb0069ea3dd03710c2ec85447427238.camel@posteo.de Approved: robomod@news.nic.it Lines: 10 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Date: Mon, 18 Apr 2022 17:41:46 +0000 X-Original-Message-ID: <7f84732efbb0069ea3dd03710c2ec85447427238.camel@posteo.de> X-Original-References: <0BDBB0C6-4DB3-4C49-9EF0-60BDAAB9B6DA@gmail.com> Xref: csiph.com linux.debian.devel:104163 linux.debian.project:12805 linux.debian.security:6086 > i did the analysis (took 3 weeks) Do you have a publication of that analysis? I was thinking the same about the organization of Debian for some time but never did analysis or compared it to other distros. Also I like to add that reproducible builds are an excellent addition to the mechanisms you are describing. Regards=20