On Sunday 13 July 2008 07:01:01 pm Carlos E. R. wrote:
Just create an interesting repository in the build service and pervert it.
The Build Service and any other large project are not the easiest venues. I don't think that some guys didn't come up with the idea to misuse them, but they didn't make it [1].
Or pervert the source code of some project; it might take some time until it is discovered.
Make an rpm and make people want it.
They will download, install and run it.
The only thing is that it must be some topic that is *not* very interesting [2] for
the masses, otherwise it will come under scrutiny very fast. It is the Linux
culture that actually keeps things under control, not special Linux
architectural advantages [3].
[1] Security through obscurity is often criticized as bad practice, but
actually it is the only way security can work. You will not see a lock made out
of glass, nor is your password 'open source'. Obscurity is present in any
security solution.
Only weak security hidden by obscurity is bad. A lock with 2 cylinders
or a 'password' password are bad ideas, and obscurity doesn't help much.
[2] Names can be:
Device driver for <exotic hardware>, setup tool for the same, access to