Linux Security Database (LSD)
LSD tracks the security status of software projects for various GNU/Linux distributions. This page contains project details and analysis results. Visit the LSD GitHub repository for the source code of this project.
This project is a work in progress, and the code and web pages are likely to change.
LSD is a software project that analyzes package data and stores it in a database. The database is then queried for the analyzed data, and the results are presented in various diagrams.
LSD currently supports only the analysis of Arch Linux but will be extended to other operating systems soon. A general software knowledge database with information about available GPG signatures, HTTPS, bug tracker links, etc. will be created too.
A secure operating system requires securely packaged software. To secure the packaging process, upstream developers need to sign their sources with GPG and ideally provide them over an encrypted HTTPS connection.
A single tampered package can compromise the system, whether it is just an icon theme or a core feature. That is why the LSD project was started: to track the current status of package security across several distributions and improve it over time.
The results of the analysis can be found on the pages below:
- Software (TODO)
- Arch Linux
- More planned
The analysis is written in Python and available from the LSD GitHub repository. Everything is described in detail there. Additional information about the security analysis of Arch Linux can be found in my paper (German), which is going to be published soon.
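A sketch of the kind of check described above, as an added example that is not LSD's own code: it reads an Arch Linux PKGBUILD and reports whether the upstream sources are fetched over HTTPS and come with a PGP signature plus a pinned key. The two PKGBUILD snippets, the `audit` function and its result fields are constructed for illustration, and the parser assumes plain literal `source=(...)` arrays without brace expansion or inline comments.

```python
import re
import shlex

SIG_SUFFIXES = (".sig", ".sign", ".asc")  # suffixes makepkg treats as detached PGP signatures
CLEARTEXT = ("http", "ftp", "git")        # schemes without transport protection

def bash_array(pkgbuild: str, name: str) -> list[str]:
    """Return the literal entries of a simple `name=( ... )` bash array."""
    m = re.search(rf"^{name}=\((.*?)\)", pkgbuild, re.S | re.M)
    return shlex.split(m.group(1)) if m else []

def source_url(entry: str) -> str:
    """Strip makepkg's `filename::` rename prefix and a VCS prefix such as `git+`."""
    url = entry.split("::", 1)[-1]
    return re.sub(r"^(git|svn|hg|bzr)\+", "", url)

def audit(pkgbuild: str) -> dict:
    sources = [source_url(e) for e in bash_array(pkgbuild, "source")]
    keys = bash_array(pkgbuild, "validpgpkeys")
    remote = [s for s in sources if "://" in s]  # local files are not downloaded
    payload = [s for s in remote if not s.endswith(SIG_SUFFIXES)]
    # A detached signature file, or makepkg's `?signed` marker on a git source.
    has_sig = any(s.endswith(SIG_SUFFIXES) or "?signed" in s for s in sources)
    cleartext = [s for s in payload if s.split("://")[0].lower() in CLEARTEXT]
    return {
        "signed": has_sig and bool(keys),  # a signature alone is useless without a pinned key
        "https_only": bool(payload) and not cleartext,
        "cleartext_sources": cleartext,
    }

# Constructed sample input, not taken from any real package.
SIGNED_PKGBUILD = '''
pkgname=example-signed
source=("https://example.org/dl/example-1.0.tar.xz"
        "https://example.org/dl/example-1.0.tar.xz.sig")
validpgpkeys=('0123456789ABCDEF0123456789ABCDEF01234567')
'''
UNSIGNED_PKGBUILD = '''
pkgname=example-theme
source=("http://example.org/dl/theme-2.3.tar.gz"
        "fix-build.patch")
sha256sums=('SKIP' 'SKIP')
'''

if __name__ == "__main__":
    for text in (SIGNED_PKGBUILD, UNSIGNED_PKGBUILD):
        print(audit(text))
```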
I want to help!
Great! There are several ways you can help: