How is that all that different from any other software you download? With 100s of dependencies any one of them could be malicious and just wait for the next privilege escalation attack and achieve the same persistence level as a malicious kernel module.



The major Linux distros have processes in place to both filter what goes in and handle security issues when they happen. If you have specific concerns then name them, but downloading a Fedora or Debian install is in no way comparable to installing binaries from random filesharing websites.


>but downloading a Fedora or Debian install is in no way comparable to installing binaries from random filesharing websites.

What if you download binaries from non-random, trusted websites? Seems to me that is the same as trusting a repo maintainer.


You omitted where I said distros "have processes in place". We can discuss whether the processes are adequate, but the situation itself is completely different from downloading binaries from websites, trusted or otherwise.


I don't think it's "completely different". It's only a minor difference in my view. We'll just have to agree to disagree. IMO repository maintainers are not going to code review every patch in every package, and logistically they can't anyway. The only 'process' here, AFAICT, is to take down the patch once news spreads of a bad patch.


Do you only run software available in distro packages?


Given that I'm a Fedora packager, yes, or else software which I wrote myself.

