"We simply did not notice, but should have. We did not check the files on all mirrors regularly, but should have. We did not sign releases through PGP/GPG, but should have done so."
—
From "Linux Trojan Raises Malware Concerns".
Linux, or more broadly OSS, isn’t secure per se. You have to do your work.
