
Not entirely true, Debian actually made OpenSSL less secure once: https://www.debian.org/security/2008/dsa-1571


This doesn’t contradict my point. I never said that Debian maintainers are more trustworthy than upstream 100% of the time.

I merely said that Debian packages are built, uploaded, and vended by Debian package maintainers, not by upstream. Whether that makes them more trustworthy or less is a different question.



