Good example: Chromium blob found by Debian (via LWN)

Paul van der Vlis paul at
Sun Jul 19 17:51:48 UTC 2015

On 18-06-15 at 10:30, Bernhard Reiter wrote:
> We all know that the review that is actually happening
> is really important for raising the quality of software.
> Free Software always enables third party peer review,
> which makes it an important precondition for good security.
> Here is an example where the peer review of Debian
> found an issue that - most likely - slipped the Google devs.
>   Chromium suddenly starts downloading a binary blob
> You'll get the relevant links from the above article and its comments.

It's nice to see this blob is found.

Packaging software is something else than doing a peer review.

I think it's not really difficult to bring something that's bad into
Debian when you have enough money, or when you are mean enough to
blackmail a DD.

For that reason I think peer reviews are important. I would like to see
them listed with names and what code was checked.

More automatic tests are great too.

With regards,
Paul van der Vlis.

Paul van der Vlis Linux systeembeheer Groningen

More information about the Discussion mailing list