Have you read and understood what was stated in that kubuntu forum posting?
Have you understood what I am asking/questioning here?
Novell/openSUSE has pushed out the development of oS unto "the community" - the "Build Service" - and any upgrades to the oS are installed with zypper or YaST which ask for root privileges before being implemented.
As far as I am aware Novell/openSUSE have no way of checking the benevolence of what is produced in BS - except by user peer-review. And by the time the review is made the damage to some system is done -- but Linux keeps claiming, or at least not coming forward to dispel the impression, that users hold that Linux is not vulnerable to security breaches.
For sources to be included in the openSUSE Factory and openSUSE release they have to pass 2-3 review steps. - The packager itself who submits the package. (You probably assume he might be malicious). - The reviewing maintainer in the Development Projects of openSUSE Factory. - The build team who finally checks in the sources into openSUSE Factory. Things could be slipped by those 2 additional reviewers with enough subterfugue or obfuscation. The rest of the openSUSE buildservice repositories are of course under the control of the people maintaining those projects/repos. So if you install stuff from home:kevinmitnick:something the "kevinmitnick" user is totally in control of what is contained there, be it evil or good. We (as openSUSE project or Novell) do not control that. So in the end you should apply varying degrees of trust to different OBS projects. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org