This link appeared in WDRL 126 on .
Distribution packages considered insecure
Most of today’s software is delivered via package managers. While they are an easy and mostly reliable way to distribute ready-to-use packages of source code, they also bring along a few security issues. Lukas Reschke explains why: the whole system is based on trust. And since trust cannot be ensured, we should try to find alternative methods that are more open, secure, and reliable, to avoid scenarios like the one that just happened to a Linux distribution this week, which served malware from the official package.