Mailinglist Archive: opensuse (4344 mails)
Re: [opensuse] apt-suser Security problem? (was: Re: [opensuse] Contrib repository)
- From: Víctor Fernández Martínez <vfernandez@xxxxxxxxxxxxxx>
- Date: Sat, 13 Aug 2005 00:04:57 +0200
- Message-id: <200508130004.57358.vfernandez@xxxxxxxxxxxxxx>
On Friday, 12 August 2005 21:18, Eberhard Moenkeberg wrote:
> There is no proof against a good guy turning bad some day...
At least some people publish their .src.rpm so it would be possible to take a
look at the specfile. I really encourage everybody to publish
their .src.rpm's. Of course they still can publish a modified .src.rpm which
doesn't correspond to the real .src.rpm but if you don't trust them, you can
build the .src.rpm. Right now there's not much more you can do.
Anyway I don't think that's the bigger problem. The bigger problem is the
packages might be buggy or have broken dependencies and so on, perhaps
because some of them haven't been properly tested. That could mess up an
installation or at least cause problems.
I suppose when openSUSE opens the contrib repository there will be some
kind of control over the packages and you will contribute the .src.rpm, not the
binary rpms, so there won't be a way to hide something.
--
Víctor Fernández Martínez
PoLinux press office [www.polinux.upv.es]. Registered Linux
user #312284 at http://counter.li.org.