[zobzu]

Actually, even with opensource you may never know it happened. Does not matter where it comes from:

- They have to find it out first.

- Then they've to be willing to disclose the incident

- Even if, you still trust the source of the packages, the developers, etc. There's a zillion bugs that look like "just an error" which can also be "just a backdoor".

For these reasons, running mac, checking modified files, etc is ALWAYS good practice (that you seem to follow, don't get me wrong - but that's pretty rare)

[meaty]

I only follow them after I got owned in '97 on the end of a dialup for running an open telnet server (on FreeBSD) with a crappy root password :)

[olefoo]

Nobody takes security seriously until they've learned to distrust a computer they know intimately. It's a fact of life.