On Thu, 2007-11-01 at 11:50 +0100, Guenter Dannoritzer wrote:
I think it would be best to enlarge the packages that belong in the main distro. Since openSUSE became open source this really should be possible (one team focusing on packaging, another one putting the packages together for a new distro).
No way. Now you are digging the security hole. What you have now is a fairly secure distribution with a set of core packages. Every repository you add from the build service is up to your trust.
Again, it's impossible to tell if you can trust some *home repo. Of course I trust the build service repos as well as the Packman repos. For me this isn't a problem, but for other users it might be. Let's for example take an executive who uses his laptop to work at home, listen to MP3s and watch DVDs. His laptop contains sensitive data. To be 100% secure, either:
- He ends up with a 'barenaked version' on which he can only work.
- Adds some trusted repositories (build service, Packman) to get additional functionality.
It would not be advisable for him to use the openSUSE build service and its 1-Click install service.
I see that as a security policy. The big point is that I trust the core distribution. If you now add more packages to the core distribution, it will suffer in quality and security unless you increase the core team to handle the increased number of packages.
Since openSUSE is open-sourced, that would be the way to go (attract more devs & support more packages).
Instead it would be rather good to add some review policy for the build service, independent of the core distribution. That review team would give some quality and security certificates to packages.
That would be a great step forward.