Mailinglist Archive: opensuse-buildservice (349 mails)

< Previous Next >
Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Aniruddha <mailing_list@xxxxxxxxx>
  • Date: Thu, 01 Nov 2007 09:16:28 +0100
  • Message-id: <1193904988.3576.122.camel@xxxxxxxxxxxx>
On Thu, 2007-11-01 at 06:01 +0000, Eric M. Gearhart wrote:
Not true. The same restricted formats are unavailable in
Gentoo/FreeBSD/Debian/Ubuntu until you add 3rd party repositories, which were
built and created by people that aren't part of that distribution's "offical
team." You still have the same problem.

This really is non-sense. If you have used Gentoo/FreeBSD/Debian/ you
should know better. I know for a fact that:

Gentoo/FreeBSD doesn't require any third-party repositories to get
restricted formats working. You can see it for yourself:
http://gentoo-portage.com/ http://www.freebsd.org/ports/

Debian only doesn't offer dvd support, which you can get at
( http://www.debian-multimedia.org/ ). This site has been maintained for
years now by Debian dev Christian and is therefor a trusted resource
(just as packman and guru). I assume the same goes for Ubuntu.


If you're this paranoid about third-party packages you'd do best to buy a
commercial distro such as SLED 10 and only update from its official update
source. It seems anything built by the community-at-large would not be
trusted by you... it would be nearly impossible to achieve the level of
integrity that you're asking for, unless a company was involved that verified
each package didn't do anything nasty (that's why I mention a commercial
distro). Just doing an md5 sum of a package and signing it doesn't guarantee
that the packager still isn't doing something evil in the package itself...
you'd still have to trust the package maintainer at the end of the day.

Just my .02

How many package does SLED 10 / openSUSE offer (1000-3000)? Compare this
to 14000-22000 packages the aforementioned distro's offer (without
third-party repo's and with security fixes). You'll be missing a lot of
functionality. It's like getting the keys to a beautiful sport car but
you can't drive.

--
Regards,

Aniruddha

Please adhere to the OpenSUSE_mailing_list_netiquette
http://en.opensuse.org/OpenSUSE_mailing_list_netiquette


---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
References