For Gentoo/FreeBSD/Debian/Ubuntu/ there aren't additional repositories necessary since these distributions maintain 14000-22000 packages themselves. openSUSE on the other hand forces you to use 3r party repositories to get basic functionality working (see http://opensuse-community.org/Restricted_Formats/10.3 ).
Not true. The same restricted formats are unavailable in Gentoo/FreeBSD/Debian/Ubuntu until you add 3rd party repositories, which were built and created by people that aren't part of that distribution's "offical team." You still have the same problem. If you're this paranoid about third-party packages you'd do best to buy a commercial distro such as SLED 10 and only update from its official update source. It seems anything built by the community-at-large would not be trusted by you... it would be nearly impossible to achieve the level of integrity that you're asking for, unless a company was involved that verified each package didn't do anything nasty (that's why I mention a commercial distro). Just doing an md5 sum of a package and signing it doesn't guarantee that the packager still isn't doing something evil in the package itself... you'd still have to trust the package maintainer at the end of the day. Just my .02 -- Eric http://nixwizard.net --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org