by shadowgovt
1680 days ago
Well, that's what I'm wondering. GNU/Linux distros like Debian and Ubuntu don't seem to suffer supply chain attacks, but it's not entirely clear to me why. Is it because the distros are more carefully curated, and the infrastructure for extending them older so it has had more time to wrestle security concerns to the ground? Or is it, disquietingly, the possibility that they are completely vulnerable to this sort of attack and either nobody has noticed they're compromised or attackers haven't decided that compromising a major desktop Linux distro is worth the time? https://www.zdnet.com/article/open-source-software-how-many-...
So yes, distributions are carefully curated, with a large team of experts vetting the system in a huge number of ways, and are always looking to improve upon them. Because attackers are actively attempting to compromise major distributions.
[0] https://wiki.debian.org/ReproducibleBuilds
[1] https://lwn.net/Articles/859965/