[sf-lug] Security of mirrors

Robert Damphousse rjdampho at gmail.com
Wed Mar 31 09:58:11 PDT 2010


Hello all,

Does anyone have some thoughts on the security of software mirrors for our
favorite Linux distros? Given all the hacking we are seeing from China right
now, which is mostly done via binary malware on Windows machines, I am
wondering if a software mirror can be compromised to achieve a similar
result on Linux systems?

I've always felt like my Gentoo environments are safe because I'm compiling
source from "trusted" mirrors - but can those mirrors be compromised?  This
is a question I need to answer.  I also wonder about the security of mirrors
for Ubuntu and other Debian-like distros that pull down software in binary
form.

Today's reading from Google:

http://googleonlinesecurity.blogspot.com/2010/03/chilling-effects-of-malware.html

Cheers,
Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20100331/d7c8adc3/attachment.html>


More information about the sf-lug mailing list