On Thu, 2007-11-01 at 16:30 +0100, Guenter Dannoritzer wrote:
Aniruddha wrote: [...]
Like I said, I trust the openSUSE package maintainers. I also trust packman, vlc, Nvidia & ATI repos. However I have trouble determining whether I can trust certain (most notably the home:*) repositories. And again this isn't a problem for me, but it can be for the unsuspecting users that add repositories with '1-Click'.
Right now I have the home:darix and the home:wberrier repos installed (I thought because I wanted kiso). How can I determine if these are safe repos (not only in regard to malware but also in regard to breaking my system, overwriting config files etc)?
In the end you can always go and ask the maintainers. Get a feeling for how long they have been doing the job. What guidelines are they following to build the package? How do they make sure what they provide does not break your system?
Again it's not about me, I'll manage and I am not afraid to b0rk my system. It's about unsuspecting users that add those repositories with '1-Click'.