Mailinglist Archive: opensuse (5130 mails)
| < Previous | Next > |
Re: [opensuse] KDE supplementary moved to Build Service
- From: Adrian Schröter <adrian@xxxxxxx>
- Date: Wed, 31 May 2006 14:47:31 +0200
- Message-id: <200605311447.31459.adrian@xxxxxxx>
Am Wednesday 31 May 2006 13:04 schrieb Martin Schlander:
> Quick question about the buildservice repos.
>
> Is there an easy way to know who built what?
>
> Though supplementary was unsupported I always took comfort in knowing it
> was built by SUSE packagers - and I considered it at least semi-official.
> Is there a way to assess the "risks" involved with the different repos on
> the buildservice? Or should everything just be considered 100% unofficial?
depends what you mean with unofficial. Supplementarry updates from
ftp.suse.com were also unofficial from the view of SUSE.
However, you have valid point, is not obvious how much you can trust these
packages. We do plan to create a user and trust system later this year where
you can see how is creating these packages and what the community think about
these people.
For now, only a limited number of people do have access and many of them are
involved in the software projects they are building. So I doubt that someone
has some interest to harm them. (Downloading, compiling and install the
source has usually the same risk level).
bye
adrian
--
Adrian Schroeter
SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
email: adrian@xxxxxxx
> Quick question about the buildservice repos.
>
> Is there an easy way to know who built what?
>
> Though supplementary was unsupported I always took comfort in knowing it
> was built by SUSE packagers - and I considered it at least semi-official.
> Is there a way to assess the "risks" involved with the different repos on
> the buildservice? Or should everything just be considered 100% unofficial?
depends what you mean with unofficial. Supplementarry updates from
ftp.suse.com were also unofficial from the view of SUSE.
However, you have valid point, is not obvious how much you can trust these
packages. We do plan to create a user and trust system later this year where
you can see how is creating these packages and what the community think about
these people.
For now, only a limited number of people do have access and many of them are
involved in the software projects they are building. So I doubt that someone
has some interest to harm them. (Downloading, compiling and install the
source has usually the same risk level).
bye
adrian
--
Adrian Schroeter
SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
email: adrian@xxxxxxx
| < Previous | Next > |