• danielfgom@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    I wonder if there is a way to spot this, even when vetting an app? Do the Maintainers of most distros manually read the code to discover whether an app is malware? Or do they have automated tools like opensuse’s testing tools which can detect malware. (Not sure if opensuse’s tool can test for malware or only app functionality).

    Either way we need to have an automated programme that can checks all apps. It’s simply too much for humans given the massive number of apps, libraries etc.

    • Aux@lemmy.world
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      No one is really doing anything. Repos have been poisoned multiple times over the decades, even original source code repos of big projects have been poisoned. If you don’t check the end binary on your system yourself, you’re at risk.