security of package manager

The subject of the week seems to be information security, so I’ll get on with another post that should keep you awake - well… if you are a system administrator doing his job.

With the DNS vulnerability, we thought that this was the bottom of the barrel. Yet researchers are always able to amaze us: attacks on package managers.

OK, I must admit that it isn’t as bad as other bugs. Most of the risk can be mitigated by requesting metadata verification (openssl) from your packager source or selecting a trusted repository. Still - I’ll verify all my sources…