Linuxpackages.net Malicious Code
I used to swear by
Linuxpackages.net for nearly all of my Slackware packages.
Apparently it didn't make really big news but I just learned that a couple of
months ago
Linuxpackages.net has intentionally released a malicious ISO on
P2P networks
that included a package that would nuke your HD if you used it. I guess they
wanted to make sure you bought it from them rather than downloaded it somewhere.
According the the article linked above the following text was included in the
WARNING file:
Standard information here. We take no responsibility for what any of these
packages may do. They are checked but for only minor things. As with any
software you download you should check it very well before installing it.
Also if you have downloaded an ISO of this archive from a P2P network or
purchased it from a source other than Linuxpackages be warned there is
a package included in the archive that will remove all the files from your
HD and yes we put it there to prevent unauthorized mirrors and leeches
that try and make money off of the hard work of many without giving them
credit.
These ISO.s that are out there are not authorized by us and should not
be trusted. The archive is available for purchase from us or you can
download the packages from authorized mirrors. To see the list go to
http://www.linuxpackages.net/mirrors.php
LinuxPackages.net
This sort of thing by anyone is absolutely not cool in anyway whatsoever. Not
to mention terribly illegal (IANAL). Of all the people who should know that
this is wrong you would think it would be an organization that is centered
around Open Source Software like Linuxpackages.net. This sort of thing is
usually in indication of a deeper issue within an organization and shows us
where it's true priorities lie. In this case, that priority is money. Either
that, or there is some colossal stupidity in the ranks and they didn't really
think their actions through.
So, this is just one more thing to urge me to stick with
SlackBuilds or even
CheckInstall if it is ever updated to work on Slackware
12.0.