Mailinglist Archive: opensuse-buildservice (284 mails)

< Previous Next >
Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: "Benji Weber" <b.weber@xxxxxxxxxxxxx>
  • Date: Wed, 31 Oct 2007 23:57:33 +0000
  • Message-id: <d6b310ce0710311657h10d3eac9s3701420e6c67b67f@xxxxxxxxxxxxxx>
On 31/10/2007, Aniruddha <mailing_list@xxxxxxxxx> wrote:
In Gentoo/FreeBSD/Debian/Ubuntu/ you don't have to worry about that since
the maintainer of that package checks this for you.

You are trusting the Gentoo/FreeBSD/Debian/Ubuntu packager to do the
checks contientiously, and not insert anything malicious h(im|er)self.

Apparently in openSuSE there is no such safety precaution.

You have to trust the packager just the same. There are additional
third party repositories for the other distributions too & you have to
decide whether to trust those. SOme might argue that the core packages
that make up the openSUSE distribution be trusted more as it is the
base for SLE which has to have rigorous checks. But at the end of the
day it depends who you trust.

Since everything in the build service is free software you can always
check the source the packages are built from yourself if you wish, and
so can anyone else, which provides as much as a safeguard as possible.

--
Benjamin Weber
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >