Submission + - Security risk of OSS software
An anonymous reader writes: WordPress announced that someone cracked their server and inserted malicious code in their product. This, in itself, has nothing to do specifically with Open Source Software — the same problem could have arisen with proprietary software that is made available on an imperfectly-secured web site. OSS may be more susceptible to this kind of problem, however, because the software is often distributed through a wide variety of mirrors, and because their servers are by nature more open to access to the general public. How many OSS distributions supply an MD5 hash, and how many users check their download against it? Does anyone besides me prefer to download directly from the originating organization, instead of from a server at some university that might be hacked?