* cagsm <cumandgets0mem00f@gmail.com> [06-14-22 13:26]:
On Tue, Jun 14, 2022 at 3:12 PM Patrick Shanahan <paka@opensuse.org> wrote:
How about the community provided packages on these repositories and in the opensuse universe, how strustworthy are these builds and compilations? Is there some safeguards against misuse and malicious codes compilation or such things in the build infrastructure of opensuse, or are there always multiple people guarding and owning these projects and packages or how does all this work? do I just trust this repository or project, oneclick install etc? how safe are you walking across the street?
well I am trying to find some ways and starting points to bootstrap into this universe. The zypper says I need to check the trust before accepting it e.g. via some other ways to acquire the authors pgp key for example via the homepage. seriously how to establish and start
<trim>
<https://build.opensuse.org/users/ecsos> I dont see homepages or other means and other main sources of authority for keys? or how is this supposed to work? how to establish trust to this author and its produce?
I do not use "oneclick", but manually dl and install.
about this oneclick, I was actually thinking this would also simply add this one repo of "ecsos" and prepare zypp, but when selecting that oneclick stuff from the pages at
or
a yast repositories gui comes up and it kind of shows like tens of repos its trying to add lot of stuff scary to me? <https://paste.opensuse.org/46477611>
Why this huge difference to that single repo that is given in the expert details on software opensuse org
I cannot help you with YaST as I quite some time ago began exclusively using zypper. I can advise that I have successfully used packages built by "ecsos". but, ymmv I endorse no-one. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet oftc