My policy of diving behind the sofa in a tin hat is not going to do it?
Lobster,
Puppy's primary security weakness is its unrestricted and unpoliced repositories structure. Anything can be built into a puppy, a pet or a puppy sfs. Users installing and using install and use what is in the package.
Would (for example) spup being built from Slackware binaries and only providing binaries from Slackware in PPM be potentially more 'policed'?
Same question for a dpup?
Would that mean that systems such as TXZpup of Fatdog (outside of Woof) would be more secure or again trust in the developer is required?
Puppy's second security weakness is the woof build system, because it provides a seemingly secure collection of system programs for all puplet builders to download and install. As with the unrestricted and unpoliced repositories, the woof system is potentially insecure, for being potentially, intentionally, misguidedly, "for security", or accidentally infected with malware, spyware, etc.
The problem for me is knowledge. I believe the most likely compromises are already in the Linux kernel or in major browsers. Perhaps in combination.
However I do not know and must rely on part time grayhats to point out where these are and how to circumnavigate them.
It would seem that a government sponsored 'secure system' is more of a target (because of the potential users)?