
Comment by charcircuit

15 days ago

It is, but Linux distros are not the pinnacle of security. They use a security model decades out of date, so they are not something you should try and copy off of.

Sure, but the reality is that your average Linux distro repo has WAY less malware than the play store.

Your security model doesn't matter much when the people doing the security are bad actors. Google is a malicious actor - they actively incentivize malware on the play store.

But have there been many actual reported security issues due to it? Like, has anyone downloaded malware from the official Ubuntu or Fedora repos?

  • CVE-2008-0166: a maintainer added a security bug to OpenSSL and it was distributed to many machines, resulting in many weak SSH keys being generated. Between OpenSSL releasing their library and it making its way to end users' machines, a security vulnerability was injected.

    • That was literally before the first production Android phone became available. Does not seem to be a particularly common occurrence. Though due to the current world situation, supply chain attacks might admittedly become more common.