> > I do not know if we have anything like this already but if not:
> >
> > How about we put some anti malware checking on our repositories? So
> > when someone adds or changes a package an automatic anti malware check
> > is done.
>
> Well, what do you propose to set up?
>
> Do you have a product that would have detected what happened to Gentoo?
>
> -- Michael Scherer

I do not have deep enough knowledge in packaging to have a setup. But something along the lines of:

- A package is uploaded
- An automatic test is done with some anti-malware program
- If anything suspicious is found, the update is set on hold until some "admin" checks the potential malware.

There are some anti virus programs for Linux:
http://en.wikipedia.org/wiki/Linux_malware#Anti-virus_applications

And some of them (at least on Windows) can find malware in code that is not yet known as malware.

I do not know if any of it would have detected the Unreal malware.

//Mattias
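
A sketch of the upload, scan, hold flow proposed in this message, as an added example that is not part of the original thread or any distribution's actual tooling. It assumes ClamAV's `clamscan` as the scanner (exit status 0 = no virus found, 1 = virus found, 2 = error); `gate_upload`, `fake_scanner` and the directory names are hypothetical.

```python
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# clamscan exit status: 0 = no virus found, 1 = virus found, 2 = error.
CLEAN = 0
DEFAULT_SCANNER = ("clamscan", "--no-summary")  # assumption: ClamAV is installed


def gate_upload(package, release_dir, hold_dir, scanner=DEFAULT_SCANNER):
    """Scan one uploaded package file and move it to release_dir or hold_dir.

    Returns (verdict, reason). Only an explicit clean status releases the
    package; a detection, a scanner error, a timeout or a missing scanner
    binary all put it on hold for an admin to review (fail closed).
    """
    package = Path(package)
    try:
        rc = subprocess.run([*scanner, str(package)],
                            capture_output=True, timeout=300).returncode
        reason = {0: "clean", 1: "detection"}.get(rc, f"scanner error (status {rc})")
    except (OSError, subprocess.TimeoutExpired) as exc:
        rc, reason = None, f"scanner did not run: {type(exc).__name__}"
    verdict = "released" if rc == CLEAN else "held"
    dest = Path(release_dir if verdict == "released" else hold_dir)
    dest.mkdir(parents=True, exist_ok=True)
    shutil.move(str(package), str(dest / package.name))
    return verdict, reason


def fake_scanner(status):
    """Constructed stand-in for the scanner that just exits with `status`."""
    return (sys.executable, "-c", f"import sys; sys.exit({status})")


if __name__ == "__main__":
    # Constructed demo: three dummy uploads, one per scanner outcome.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for status in (0, 1, 2):
            pkg = root / f"demo-{status}.rpm"
            pkg.write_bytes(b"constructed sample, not a real package")
            print(pkg.name, gate_upload(pkg, root / "release", root / "hold",
                                        fake_scanner(status)))
```

A signature scanner only answers for malware it already knows, so a clean verdict here means "nothing known matched", not "verified safe".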
