Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #6141

Re: Concerns about Security of packages in Debain OS and the Operating system itself.

From Adam McKenna <adam@flounder.net>
Newsgroups linux.debian.devel, linux.debian.project, linux.debian.security
Subject Re: Concerns about Security of packages in Debain OS and the Operating system itself.
Date 2022-05-23 21:20 +0200
Message-ID <EqlKV-hs2p-13@gated-at.bofh.it> (permalink)
References (2 earlier) <Edj4d-9p3P-13@gated-at.bofh.it> <Eqk2u-hr0G-3@gated-at.bofh.it> <Eql8d-hrAZ-1@gated-at.bofh.it> <EqlBf-hrZh-3@gated-at.bofh.it> <EqlKV-hs2p-15@gated-at.bofh.it>
Organization linux.* mail to news gateway

Cross-posted to 3 groups.

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

> they get one and only one chance to do something that stupid.

So the answer is that we have no way of preventing a developer from
intentionally sabotaging a package in any / as many ways as they choose and
the only risk to them is losing their uploader access after the fact?

>the response is swift: there was a debian developer wrongfully arrested
for running a TOR exit node. their key was revoked immediately.

How was this incident detected?


On Mon, May 23, 2022 at 12:07 PM lkcl <luke.leighton@gmail.com> wrote:

> On Mon, May 23, 2022 at 7:59 PM Adam McKenna <adam@flounder.net> wrote:
> > You are talking about a deterrent though.  I think the question is,
> > what if someone cares more about their political cause than
> > retaining their uploader access?
>
> they get one and only one chance to do something that stupid.
>
> > What if someone's keys are compromised
>
> the response is swift: there was a debian developer wrongfully
> arrested for running a TOR exit node. their key was revoked
> immediately.
>
> l.
>

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Re: Concerns about Security of packages in Debain OS and the Operating system itself. lkcl <luke.leighton@gmail.com> - 2022-04-17 21:50 +0200
  Re: Concerns about Security of packages in Debain OS and the  Operating system itself. Stephan Verbücheln <verbuecheln@posteo.de> - 2022-04-18 19:50 +0200
  Re: Concerns about Security of packages in Debain OS and the  Operating system itself. Adam McKenna <adam@flounder.net> - 2022-05-23 19:30 +0200
    Re: Concerns about Security of packages in Debain OS and the  Operating system itself. lkcl <luke.leighton@gmail.com> - 2022-05-23 20:40 +0200
      Re: Concerns about Security of packages in Debain OS and the  Operating system itself. Adam McKenna <adam@flounder.net> - 2022-05-23 21:10 +0200
        Re: Concerns about Security of packages in Debain OS and the  Operating system itself. Adam McKenna <adam@flounder.net> - 2022-05-23 21:20 +0200
        Re: Concerns about Security of packages in Debain OS and the  Operating system itself. lkcl <luke.leighton@gmail.com> - 2022-05-23 21:30 +0200
        Re: Concerns about Security of packages in Debain OS and the  Operating system itself. Paul Wise <pabs@debian.org> - 2022-05-25 03:20 +0200
          Re: Concerns about Security of packages in Debain OS and the  Operating system itself. piorunz <piorunz@gmx.com> - 2022-05-25 14:10 +0200

csiph-web