Reply to post: Re: odd

Fresh bit o' Linux to spruce up that ancient Windows Vista box? Why not, we say...

William Towle

Re: odd

> I don't think Linux repositories are 100% immune from malware. People used to pontificate about how Linux was open source and therefore inherently secure because of the 'many eyeballs on the code' principle. Well in the last few years that idea has been demonstrably blown out of the water after vulnerabilities have been found in critical open source libs.

It doesn't help that you're adding to the polemic. According to The Cathedral and the Bazaar, at the time "given many eyeballs, all bugs become shallow" was coined, the principle Linus was following was "release early, release often" and "...many eyeballs..." the justification for exposing potential bugs in the code to public scrutiny. It isn't an attempt to claim people will look, it isn't an attempt to claim people who are looking will focus where you need, and it isn't a claim there won't be bugs in the first place ... yet it turns out people do want to get involved at all stages of the submission/release process, and in all areas of the code; the existence of vulnerability fixes serves as proof that the overall process serves its purpose (and it does this a lot better than it implies Linux as a project was due to have crashed and burned). That fixes arrived later rather than sooner on occasion is neither here nor there.

(...and of course the existence of vulnerability fixes for both open and closed source software of various types tells us neither has the upper hand on advice for best practice. Sadly).
