Aniruddha wrote:
On Thu, 2007-11-01 at 11:33 +0100, Guenter Dannoritzer wrote:
[...]
If you are really concerned about security you have to go the whole way. The first step is to make sure the source is clean. Then check that the build was done with that clean source and not manipulated. Finally, that the package you are installing is really the one that got built with the build service.
That's what the package maintainers do.
First, what makes you trust a package maintainer from any other distribution more than a package maintainer from openSUSE? Unless you know a person personally I don't see any difference.
Second, I am questioning whether there is any package maintainer that checks software for malicious parts. There are people that check for security breaches in software, but they are not necessarily package maintainers. I would assume that the major time a package maintainer spends is in getting the software to build and fit into the distribution.
Guenter