[LAU] Ardour.org hacked...

Oon-Ee Ng ngoonee.talk at gmail.com
Fri Mar 8 01:47:27 UTC 2013


On Thu, Mar 7, 2013 at 10:34 PM, R. Mattes <rm at mh-freiburg.de> wrote:
>
> Which distribution _doesn't_ sign it's packages? What code is weakly protected?
> Even most major download/DVCS sites use secure communication channels these days
> (https). The problem is the naive asumption that self-compiled code would be more
> secure. Not a Linux problem, I'd say ...

Smaller distros don't necessary sign packages (mine, Arch, started
doing it relatively recently). The implicit 'trust-the-dev' still
applies though, even with signing.


More information about the Linux-audio-user mailing list