
Aniruddha wrote:
> On Thu, 2007-11-01 at 00:39 +0100, Guenter Dannoritzer wrote:
> [...]
>> Would you trust a software, that you compile yourself from source on your computer, more than a RPM package of that software that you got from the build service? How would you tell that the source does not contain malicious parts?
>
> In Gentoo/FreeBSD/Debian/Ubuntu/ you don't have to worry about that since the maintainer of that package checks this for you.
> Apparently in openSuSE there is no such safety precaution.
It appears to me that you are not worried about security, but driven by affection for certain distributions. I could argue that I do not trust any of the distributions you just named, because none of their developers is accountable to any organization. In contrast the core developers of openSUSE are employees and accountable to their company.

If you are really concerned about security you have to go the whole way. The first step is to make sure the source is clean. Then check that the build was done with that clean source and not manipulated. Finally that the package you are installing is really the one that got built with the build service.

Cheers,

Guenter
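The second and third checks named in the message above can be expressed as a hash chain from reviewed source to build record to installed package. The sketch below is an added example, not part of the original e-mail and not the build service's own mechanism: the record layout, `verify_chain`, and the use of an HMAC as a stand-in for the build service's signature are all assumptions, and the sample data is constructed. The first check, reviewing the source itself, is outside what code like this can do.

```python
import hashlib
import hmac
import json

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign_record(record: dict, key: bytes) -> str:
    # Assumption: HMAC stands in for the build service's real signature.
    msg = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify_chain(reviewed_source_sha256, record, record_sig, key, package: bytes):
    """Return the list of broken links; an empty list means the chain holds."""
    # The record must be authentic before any of its fields can be trusted.
    if not hmac.compare_digest(sign_record(record, key), record_sig):
        return ["build record signature invalid"]
    failures = []
    # Source -> build: the build consumed exactly the source that was reviewed.
    if record["source_sha256"] != reviewed_source_sha256:
        failures.append("build used a different source than the reviewed one")
    # Build -> package: the package in hand is the output of that build.
    if record["package_sha256"] != sha256(package):
        failures.append("package is not the one the build produced")
    return failures

# Constructed sample data (hypothetical key, source and package bytes).
KEY = b"constructed-demo-key"
SOURCE = b"int main(void) { return 0; }\n"
PACKAGE = b"constructed package bytes built from SOURCE"
RECORD = {"source_sha256": sha256(SOURCE), "package_sha256": sha256(PACKAGE)}
RECORD_SIG = sign_record(RECORD, KEY)

def demo():
    reviewed = sha256(SOURCE)
    good = verify_chain(reviewed, RECORD, RECORD_SIG, KEY, PACKAGE)
    swapped_pkg = verify_chain(reviewed, RECORD, RECORD_SIG, KEY, PACKAGE + b"\x00")
    tampered = dict(RECORD, source_sha256=sha256(b"other source"))
    forged = verify_chain(reviewed, tampered, RECORD_SIG, KEY, PACKAGE)
    other_src = verify_chain(sha256(b"other source"), RECORD, RECORD_SIG, KEY, PACKAGE)
    return good, swapped_pkg, forged, other_src

if __name__ == "__main__":
    for result in demo():
        print(result or "chain holds")
```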