Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Nov 2019 09:08:32 -0500 (EST)
From: "Stuart D. Gathman" <>
Subject: Re: Mitigating malicious packages in gnu/linux

On Tue, 19 Nov 2019, Morten Linderud wrote:

> On Tue, Nov 19, 2019 at 01:33:48PM +0200, Georgi Guninski wrote:
>> * As end user what can I do to mitigate malicious packages?
> The answer to this is complicated.

... an excellent overview from Morten, recommended reading

My tidbit is that when starting with a new package, I run it in a 
virtual machine until my confidence begins to exceed the annoyance
of going through a VM (generally a year or so).  A container may be
sufficient for a non-root application.

 	      Stuart D. Gathman <>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.