It seems like every day we hear more stories about security breaches, the amount of data that companies are gathering about us without our permission, and the general lack of privacy that has become the norm with use of electronic devices on the internet.
For many years we've probably all downloaded software, free or otherwise, and installed it on our machines. Linux distros, Virtual Machines, remote access apps like TeamViewer, Zoom, Rufus, Libre Office; the list could go on forever. But it's getting to the point where you can't trust anything you download.
Given what took place recently with Solar Winds, a thought crossed my mind regarding Linux security. Given that many distros are 'community driven', what is really keeping some nefarious person, organization, government, or company from inserting malicious code? I mean, we download this stuff and use it every day, but how secure and/or safe is it really?
I've never been a part of working on a distro in any way so I'm just curious if anyone has any insight on whether malicious code could somehow be inserted into a Linux distro and if so, what could be done about it to ensure it hasn't happened?
For many years we've probably all downloaded software, free or otherwise, and installed it on our machines. Linux distros, Virtual Machines, remote access apps like TeamViewer, Zoom, Rufus, Libre Office; the list could go on forever. But it's getting to the point where you can't trust anything you download.
Given what took place recently with Solar Winds, a thought crossed my mind regarding Linux security. Given that many distros are 'community driven', what is really keeping some nefarious person, organization, government, or company from inserting malicious code? I mean, we download this stuff and use it every day, but how secure and/or safe is it really?
I've never been a part of working on a distro in any way so I'm just curious if anyone has any insight on whether malicious code could somehow be inserted into a Linux distro and if so, what could be done about it to ensure it hasn't happened?