Other security mechanisms?

Can you explain more about your checking for forgery / malicious content (privately via email is fine)? I understand you have a checker bot that looks to see if the repomd.xml file is up to date. Can you talk more about other security checks you have that we may have overlooked?

I want to make sure that we don't provide any incorrect information about CentOS' security mechanisms. :)

I definitely appreciate the comments and suggestions on our research. Our goal isn't to point fingers at distributions. We're trying to provide accurate information about the real risks involved. We thank you for helping to point out any items we missed in our broad examination of package manager and distribution security.


