On Thu, 2007-11-01 at 09:09 +0100, Adrian Schröter wrote:
On Thursday 01 November 2007 09:01:27 wrote Aniruddha: ...
"Something" must be *terribly* wrong somewhere as no "problems" I am aware have been made public.
That is no argument. Right now apparently openSUSE has a big gaping security hole which can be exploited in the future. And who should make us aware of "problems" when no one checks the repos anyways?
Not more or less than installing the software from somewhere else ...
But I agree that this could be way more transparent, we did plan to create a "trust" portal from the beginning, it is just work to do so.
As long as we want to have lots of software and always the latest version, the user needs to decide if he trusts it. But we can help him here.
Agreed, maybe it is a good idea to enhance the roadmap with planned security features. If I can help in any way (I am not a programmer) just let me know. I would love to help think about the security features enhancements for the openSUSE buildservice.
I understand your concern, you have NO trust of anyone. I believe there is a word for that, but....
Trust is no replacement of good security policies.
Well, a policy helps you nothing, if you do not trust the people. They can ignore it easily.
Of course, however a system that moves a package from experimental to unstable etc. can be considered safer than a system that offers packages from one repository with 1-Click without such checks. That's what I meant with 'policy'.