Re: GNU Coding Standards, automake, and the recent xz-utils backdoor

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > > Can anyone think of a feasible way to prevent this sort of attack?
  > A common way would be to use PGP signing to bless a set of files. 
  > Perhaps a manifest which specifies the file names/paths and their sha256 
  > would be sufficient.  But there needs to be a way to augment this in 
  > case there are multiple collections of blessed files, including those 
  > blessed by the user.

Could you make that last part more precise and clear>

  > > What is an "OS package manager"?

  > A popular OS package manager is Debian 'apt'

Thanks, now I know what you meant.

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)