Here is the gist of it copied from my post in the user forum.
The original post has the output from apt-get and the effect of running the program.Cannot get program to create debian Cds
Postby Marcipicus » 2014-01-17 15:56
Hi there,
I was trying to get the entire source code repository of debian wheezy on a debian cd like the images you can download from the debian site. Anyways I did some research on the internet and I think I needed the debian-cd program(probably the wrong program I should just mirror the site and take the hit in bandwidth use).
Here's the problem I downloaded the program and it looks as if debian-cd is not installed and there were some suspicious packages that were installed along with it namely fakeroot which I don't really trust since someone with the authority to create those cds probably also has root on their machine.
Here's the output from apt-get install debian-cd. I'm concerned with the fakeroot program in particular which you can see in the required packages. http://packages.debian.org/wheezy/fakeroot. I would personally say that code that "simulates" a root environment basically gives them root privileges. Maybe I'm ignorant.
here's the link if you're still interested.
http://forums.debian.net/viewtopic.php?f=10&t=110837
I was hoping to find someone who is knowledgable about this stuff to investigate into the package and when it changed etc.. I'll help if someone needs me to.
I just checked the qa site(http://packages.qa.debian.org/d/debian-cd.html I'm using stable) and it looks to me like the source is still fine but ftp.ca.debian.org mirror might have been hacked and the package replaced with one that gives root access basically. Someone should do some investigating into this since it's a pretty serious breach and there could be other packages that have changed.
Please let me know if there's an investigation going on into this since I'm kind of interested in what happened.