Singapore Government Hackers Love to Hack Teo En Ming's Computers, Smartphones, and Internet Online Accounts
Oliver Grawert
ogra at ubuntu.com
Sun Aug 9 13:55:33 UTC 2015
hi,
Am Sonntag, den 09.08.2015, 11:48 +0200 schrieb silver.bullet at zoho.com:
> >On Sun, 09 Aug 2015 11:22:37 +0200, Oliver Grawert wrote:
> >>* do not use third party repositories like PPAs (unless you can and
> >>want to inspect the source code in there before using the binaries)
>
> This requires also to build from source, instead of installing the
> provided binaries ;). The binaries not necessarily belong to the
> provided source code;).
>
this is easy to verify by reading the build logs that are published with
every binary package that gets built (in the archive as well as in PPAs)
indeed ;)
(there are signature checks for the sources as well as checksums for the
resulting binaries that get logged at build time, you can verify each
bit if required)
And as mentioned in my other answer, you already picked to trust
Canonical and its infrastructure by choosing Ubuntu.
ciao
oli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 173 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20150809/03fe3885/attachment.sig>
More information about the ubuntu-users
mailing list