This paper reviews common attack vectors against package management systems, analyzes both APT and YUM, and points out a number of flaws in them. Many of the attacks discussed are general in nature and could be applied to any sort of ports, packages, or binary update system.

The source of the paper is ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf. Lobste.rs doesn’t allow the submission of ftp:// links, so I had to mirror it.