
On Thursday 01 November 2007 01:16:34 Aniruddha wrote:
> On Wed, 2007-10-31 at 23:57 +0000, Benji Weber wrote:
> > On 31/10/2007, Aniruddha <mailing_list@orange.nl> wrote:
> > > In Gentoo/FreeBSD/Debian/Ubuntu you don't have to worry about that since the maintainer of that package checks this for you.
> >
> > You are trusting the Gentoo/FreeBSD/Debian/Ubuntu packager to do the checks conscientiously, and not insert anything malicious h(im|er)self.
> >
> > > Apparently in openSuSE there is no such safety precaution.
> >
> > You have to trust the packager just the same. There are additional third party repositories for the other distributions too & you have to decide whether to trust those. Some might argue that the core packages that make up the openSUSE distribution be trusted more as it is the base for SLE which has to have rigorous checks. But at the end of the day it depends who you trust.
>
> For Gentoo/FreeBSD/Debian/Ubuntu there aren't additional repositories necessary since these distributions maintain 14000-22000 packages themselves. openSUSE on the other hand forces you to use 3rd party repositories to get basic functionality working (see http://opensuse-community.org/Restricted_Formats/10.3 ).
>
> And you don't have to trust the packager, you trust the distribution and its security policy. And don't forget packages pass many hands before ending up in the stable tree. In Debian/Ubuntu it goes from Experimental to Unstable to Testing to Stable. I can assure you that when it arrives at Stable you can trust it for 100%. Gentoo/FreeBSD is the same, they have a very, very long testing period before new packages finally arrive in the stable tree.

This is not true .. You need to trust that the packager is working according to the policy, you need to trust that the packager has reviewed the new source tar ball and you need to trust that the original authors have not built in hidden traps. Putting lots of packages into one large repo does not help you, as long as you do not add extra review mechanisms. Which can't be that extensive, if you increase the number of packages. Since there are also different requirements (you want to be more careful on your critical server than on your test systems) it is better to have multiple repositories with different requirements for the trust and let the user decide.

> Compare this to the openSUSE buildservice where everyone can get an account, start a repo and wreak havoc because there aren't any safety precautions.

Right, but only stuff in home:* can get added by them. So you are already one step more secure when you do not use these repos.

> > Since everything in the build service is free software you can always check the source the packages are built from yourself if you wish, and so can anyone else, which provides as much of a safeguard as possible.
>
> This can be done for a few packages that you manually compile, however openSUSE relies so heavily on the buildservice for functionality that it becomes a daunting task to check all these packages yourself.

All packages checked into the main distro get a review. This is also the reason why it takes some time until a new version appears there. What is indeed missing is a peer review and rating system to help the users to decide which repos to trust or not... I personally consider this approach more secure than one large repo where everybody gets easily an account and no one is really doing source reviews of newly submitted tar balls. On the other hand, our model still allows that new packagers can start immediately and make their stuff available. It is up to the user to install it or not. (and keep in mind that downloading the source and installing yourself is maybe even more insecure, because there is not even a packager review).

bye
adrian

--
Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian@suse.de