The Ubuntu software repository does not solve the problem. It only solves it for the software which is in the repository.
And the claim that Canonical has somehow "vetted" the software is bogus. Canonical do not (and can not) go through every piece of software and look for backdoors or other malicious functions. At best they are running some automated virus scanners on the committed software, which is very much the same tucows or other repositories do.
Instead, Canonical relies on the community to weed out the malicious elements.
The basic problem persists: How to trust software you download from the Internet. Ubuntus software repository does not (end neither does any other repository) guarantee you that they'll catch malicious submissions.
As clearly demonstrated recently with Firefoxs extension repository where a password sniffing extension was discovered by a mere coincidence.
Discussion on:
Message 1 of 1
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
