On Sat, 2005-08-13 at 00:34 +0200, Víctor Fernández Martínez wrote:
El Sábado, 13 de Agosto de 2005 00:14, Ken Schneider escribió:
On Sat, 2005-08-13 at 00:04 +0200, Víctor Fernández Martínez wrote:
El Viernes, 12 de Agosto de 2005 21:18, Eberhard Moenkeberg escribió:
There is no proof against a good guy turning bad some day...
At least some people publish their .src.rpm so it would be possible to take a look at the specfile. I really encourage everybody to publish their .src.rpm's. Of course they still can publish a modified .src.rpm which doesn't correspond to the real .src.rpm but if you don't trust them, you can build the .src.rpm. Right now there's not much more you can do.
Anyway I don't think that's the bigger problem. The bigger problem is the packages might be buggy or have broken dependencies and so on, perhaps because some of them haven't been properly tested. That could mess an installation or at least cause problems.
Simple solution would be for the developers to install their own package on a clean install of the target OS and fix the dep issues or make sure the deps are available.
Yes but maintaining a clean install to test the packages is hard. You don't really know how fast the "clean" install becomes a "dirty" install. ;) Or perhaps you don't have the time to deeply test the packages and you assume they work properly since everything seems to be ok.
I will agree with that to a certain point. Perhaps an install using VMware could be used for so that there would always be a clean install. VMware does have snapshots available so that you can roll back changes. It's just a thought. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 "The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge