

It is hard to make software distribution completely secure. As a side point, our threat model doesn't fully trust the nodes compiling the software so such attacks are fairly limited in scope (but I'm not a developer of OBS so I'm really not the right person to be asked these questions). Debian packages are signed. Of course, reproducible builds is something that would solve this problem even better (protecting against attacks on OBS that cause it to add source that are not in the repo). If your developers are using sane source control practices (use GPG keys for every commit, but especially tags) then you are protected against that too. You can download the source code that OBS used (both as a src RPM generated by the builder and the OBS repo that the builder was given read-only access to), and OBS supports cryptographic signatures of the originating source (with gpg-offline keys to avoid WoT attacks).

> Also that protects you against malware injecting binaries in an executable when compiling it, but not from malware injecting code into the source code of the executable.

A user could (if they were really paranoid) rebuild the packages locally, with two or three commands.

> But who would use the build service? The consumer of the software or the publisher?

I get that distributions aren't "sexy" but it's getting quite frustrating seeing all these communities make the same mistakes that distributions made (and learned from) more than 20 years ago.

As part of the openSUSE project we even have a free-to-use (and free as in freedom) build project called the Open Build Service which allows you to build packages (with automated dependency update rebuilds) for many different distributions (Arch Linux, Debian, Ubuntu, Fedora, RHEL and obviously openSUSE and SLES). You can build packages locally if you want to verify them, and modifying a package after it has been built invalidates the signature that all modern package managers require before installing a package. We have automated building and signing systems that mean that installation and upgrades are done in ways that are not vulnerable even to fairly sophisticated attacks. The Debian folks are doing an amazing job there. Another important point is that distributions have already solved effectively all of these problems. Run Linux because you want a UNIX desktop and the kind of software that goes with it (gcc, bash, rsync, native TCP/IP utilities and those things). First of all, this is why reproducible builds (getting bit-for-bit identical binaries independent of the machine used to build the software) is something we should be putting much more work into. If you want Windows software then that's what you should run it on.
Just don't install Linux as an almost-Windows or cheap-MacOS. If that works with your display, a native install is going to work too. Download the latest Fedora (or Ubuntu) live DVD and boot it. ATI is generally usable too, but performance and power consumption generally lag their Windows equivalent drivers. And since Intel started to make both network and graphics cards, that's usually your best bet.
In the case of Linux, what just works is generally the drivers that are built in to the system, with vendors that take an active part in Linux development. I guess that's a good reputation to have but it's not very useful if you want something that just works. People generally don't fault MacOS for not supporting whatever hardware they bodged together, yet they expect Linux to work with anything because hackers and magic. So without knowing the specifics of your graphics hardware it's impossible to give a clear answer. The boring answer is that if you have a graphics card with good Linux support, you're going to have a good experience.
