<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Thanks Amichai,<br>
<br>
I had browse through that link as well as searched around the
internet again...I found this link<br>
<br>
<a class="moz-txt-link-freetext" href="http://ubuntuforums.org/archive/index.php/t-1199641.html">http://ubuntuforums.org/archive/index.php/t-1199641.html</a><br>
<br>
The last sentence seems to imply that the Main repository does get
more attention (perhaps significantly more) attention from
ubuntu. I would like to see an anti-virus (anti-malware, I don't
know these terms well) program included in Main, that way there is
some protection from other sources....I would think that it makes
sense for Anti-virus to be part of the "base" system.<br>
<br>
Chandra<br>
<br>
<br>
On 12/19/2012 09:54 PM, Amichai Rotman wrote:<br>
</div>
<blockquote
cite="mid:CAD_ZK67GKP9x_=rK5hAHo3rjXnYyYSc=md5Yn=k=Ln3Q8vMpXQ@mail.gmail.com"
type="cite">
<div dir="ltr">Although it's a bit old, it is still relevant:
<div><br>
</div>
<div><a moz-do-not-send="true"
href="https://help.ubuntu.com/10.04/add-applications/C/index.html">https://help.ubuntu.com/10.04/add-applications/C/index.html</a></div>
<div><br>
</div>
<div>Does this answer your questions?<br>
<br>
<br>
<div id="WISESTAMP_SIG_gmail_session">
<div
style="font-size:13px;font-family:Verdana,Arial,Helvetica,sans-serif">
<div style="border-top:1px solid
#e5e5e5;padding-top:0.8em">
<div style="margin:0px 0px 8px">
<table rules="none" style="text-align:left" border="0">
<tbody style="">
<tr style="">
<td style=""><span><span><img
moz-do-not-send="true"
src="https://s3.amazonaws.com/uploads.wisestamp.com/8bc2285d8fe8d13a74052220c8b2022b/1337275286.png"
alt=""></span></span></td>
<td style=""><span><span>Amichai Rotman</span><br>
<span> Penguin - FLOSS Computer Service and
Technical Consulting</span><br>
<span> +972-73-7962360 || </span><span>+972-54-4605787</span></span></td>
<td style=""><span><span><img
moz-do-not-send="true"
src="https://s3.amazonaws.com/uploads.wisestamp.com/8bc2285d8fe8d13a74052220c8b2022b/1343223293.png"
alt=""></span></span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Dec 19, 2012 at 2:35 AM,
Chandra Amarasingham <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:camarasingham@yahoo.com" target="_blank">camarasingham@yahoo.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Thanks Tom and Amichai.<br>
<br>
I had assumed that the packages in Main go through a
more stringent auditing process before inclusion thus
perhaps being more secure. If it's just support and
update I guess one is as secure as the other at least
when initially delivered.<br>
<br>
I have a vague recollection that malicious code have
entered open source projects and subsequently have to be
cleaned even perhaps in the source code. I guess this
is unavoidable (as risk in life is unavoidable) but was
wondering what "best practice" in the open source world
would look like regarding installation of software (ie.
minimizing the risk, not only to protect one's self but
one's customers, etc, who derive work from one's system)
especially from community maintained sources.<br>
<br>
If some malicious code is found to have entered an
ubuntu system, would there be an audit trail which would
enable efficient investigation of where and when it may
have entered? and who would know more about it? I
understand that community maintained packages are
signed, etc.<br>
<br>
I am little vague on how the whole open source process
works....debian to ubuntu, source to binaries, etc.....,
and have thought that if there was a registered company
behind a repository it may have higher credibility.<br>
<br>
Are there things you can do to monitor when executables
on your system get changed, eg. run a hash on all
executables regularly..., etc...(probably would take a
long time)?<br>
<br>
These are some of my thoughts...<span class="HOEnZb"><font
color="#888888"><br>
Chandra</font></span>
<div>
<div class="h5"><br>
<br>
<br>
On 12/19/2012 01:01 AM, Amichai Rotman wrote:<br>
</div>
</div>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div dir="ltr">I think the OP is referring to the
fact the Universe / Multiverse repositories are
not supported directly by Canonical, but by the
community. So the OP, being a long time Windows
user, I guess, assumes it is potentially open to
malicious code...
<div> <br>
</div>
<div>Chandra: No need to worry!</div>
<div><br>
</div>
<div>Although Linux viruses exist, they pose very
little threat to your Ubuntu. On the other hand,
if you use the same computer with Windows, and
download files from the Internet, make sure to
scan them regularly with an updated Anti Virus.
You can safely install ClamAV + ClamTk (it's
graphical front-end) and use it to scan your
Windows partition from within Ubuntu.</div>
<div><br>
</div>
<div>The fact that the Universe / Multiverse
repositories are not supported by Canonical just
means you have to seek the community's help and
support for the applications you installed from
them, and not contact Canonical.</div>
<div><br>
</div>
<div>I hope I was helpful and didn't confused you
even further ;-)</div>
<div><br>
<br>
<div>
<div
style="font-size:13px;font-family:Verdana,Arial,Helvetica,sans-serif">
<div style="border-top:1px solid
#e5e5e5;padding-top:0.8em">
<div style="margin:0px 0px 8px">
<table rules="none"
style="text-align:left" border="0">
<tbody>
<tr>
<td><span><span><img
moz-do-not-send="true"
src="https://s3.amazonaws.com/uploads.wisestamp.com/8bc2285d8fe8d13a74052220c8b2022b/1337275286.png"
alt=""></span></span></td>
<td><span><span>Amichai Rotman</span><br>
<span> Penguin - FLOSS
Computer Service and
Technical Consulting</span><br>
<span> <a
moz-do-not-send="true"
href="tel:%2B972-73-7962360"
value="+972737962360"
target="_blank">+972-73-7962360</a>
|| </span><span><a
moz-do-not-send="true"
href="tel:%2B972-54-4605787"
value="+972544605787"
target="_blank">+972-54-4605787</a></span></span></td>
<td><span><span><img
moz-do-not-send="true"
src="https://s3.amazonaws.com/uploads.wisestamp.com/8bc2285d8fe8d13a74052220c8b2022b/1343223293.png"
alt=""></span></span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Dec 18, <a
moz-do-not-send="true" href="tel:2012"
value="+9722012" target="_blank">2012</a> at
2:45 PM, Tom H <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:tomh0665@gmail.com"
target="_blank">tomh0665@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div>On Tue, Dec 18, <a
moz-do-not-send="true" href="tel:2012"
value="+9722012" target="_blank">2012</a>
at 12:57 AM, Chandra Amarasingham<br>
<<a moz-do-not-send="true"
href="mailto:camarasingham@yahoo.com"
target="_blank">camarasingham@yahoo.com</a>>
wrote:<br>
><br>
> I am wondering if there is an
"official" word on the security of the<br>
> universe repository compared to the
Main repository. By security I mean free<br>
> from malicious code.<br>
><br>
> I don't think there are anti-virus
programs in the Main repository, but I<br>
> think clam anti-virus is in the
universe repository.....but that means I am<br>
> not able to be confident that the clam
anti-virus itself does have malicious<br>
> aspects (eg. from other sources...).<br>
><br>
> I thought it would be nice to have some
scanning software in the main<br>
> repository which can be used to scan
software from other repositories which<br>
> don't enjoy the same level of
confidence.<br>
<br>
</div>
Why would the universe/multiverse repositories
be insecure? They're<br>
packages rebuilt from Debian just like those
in main/restricted.<br>
<div>
<div><br>
--<br>
ubuntu-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:ubuntu-users@lists.ubuntu.com"
target="_blank">ubuntu-users@lists.ubuntu.com</a><br>
Modify settings or unsubscribe at: <a
moz-do-not-send="true"
href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-users"
target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-users</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
--<br>
ubuntu-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:ubuntu-users@lists.ubuntu.com">ubuntu-users@lists.ubuntu.com</a><br>
Modify settings or unsubscribe at: <a
moz-do-not-send="true"
href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-users"
target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>