Another nice shout-out for the openSUSE community here: The USENIX association magazine, ;login, has recognized openSUSE as having the same level of protection against some of the recently discovered package management vulnerabilities as enterprise-class distros. Says Federico Lucifredi:

What’s more, the openSUSE and SUSE Linux Enterprise distros not only secure packages and package metadata with cryptographic signatures, but have addressed the more exotic attacks described by the paper as well, with the slow-data fix currently in Factory completing the picture. The upshot of this is that users can deploy updates safely whether they’re obtaining updates from a centralized network or through a decentralized system of community maintained mirrors.

The full article is available as a PDF. Definitely worth a read!

This entry is filed under Community, Infrastructure, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.