[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [oss-security] Mitigating malicious packages in gnu/linux



On Tue, 19 Nov 2019, Morten Linderud wrote:

On Tue, Nov 19, 2019 at 01:33:48PM +0200, Georgi Guninski wrote:
* As end user what can I do to mitigate malicious packages?

The answer to this is complicated.

... an excellent overview from Morten, recommended reading


My tidbit is that when starting with a new package, I run it in a virtual machine until my confidence begins to exceed the annoyance
of going through a VM (generally a year or so).  A container may be
sufficient for a non-root application.

--
	      Stuart D. Gathman <stuart AT gathman.org>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.