distro

In the past^[1] numerous^[2] file^[3] distribution^[4] servers^[5] were^[6] attacked^[7] and the attacker replaced a release tarball/zip with a modificated version including a backdoor. Usually the distributions use some kind of signatures to avoid such an attack against their own infrastructure but this doesn't include the initial retrieval of the source code from upstream (usually done through the tarballs).

More...^[8]

[1] https://sourceforge.net/blog/phpmyadmin-back-door/
[2] https://forums.unrealircd.com/viewtopic.php?t=6562
[3] https://forums.proftpd.org/smf/index.php?topic=5206.0
[4] https://h-online.com/-913588
[5] https://lwn.net/Articles/450181/
[6] https://piwik.org/blog/2012/11/security-report-piwik-org-webserver-hacked-for-a-few-hours-on-2012-nov-26th/
[7] https://scarybeastsecurity.blogspot.cz/2011/07/alert-vsftpd-download-backdoored.html
[8] https://narfation.org/2013/06/23/signed-upstream-tarballs-in-debian

2006-02-01¶

Boycott Starforce^[1]
C++ Pitfalls^[2]
comp.lang.c Frequently Asked Questions^[3]
flipcode - game development harmony^[4]
Game File Format Central - XentaxWiki^[5]
GameDev.net - all your game development needs^[6]
Wotsit.org^[7]
BuGLe: an OpenGL debugging tool^[8]
music source code archive^[9]
Beej's Guide to Network Programming^[10]
Paul Bourke - Personal Pages^[11]
LinuxTracker^[12]

More...^[13]

[1] https://www.glop.org/starforce/
[2] http://developer.kde.org/~wheeler/cpp-pitfalls.html
[3] http://c-faq.com/
[4] http://www.flipcode.com/
[5] https://wiki.xentax.com/
[6] https://www.gamedev.net/
[7] http://www.wotsit.org/
[8] https://www.opengl.org/sdk/tools/BuGLe/
[9] http://www.musicdsp.org/
[10] http://beej.us/guide/bgnet/
[11] http://paulbourke.net/
[12] http://linuxtracker.org/
[13] https://narfation.org/2006/02/01/del-icio-us-links-for-2006

~ecsv

Signed upstream tarballs in Debian #

Del.icio.us links for 2006 #

2006-02-01¶