Hi, On Fri, 12 Aug 2005, [ISO-8859-15] Sören Wengerowsky wrote:
Eberhard Moenkeberg schrieb:
If you will give me an rsync access to your repository, I would like to mirror your repositories at
ftp://ftp.gwdg.de/pub/linux/misc/suser-vfernand/ http://ftp.gwdg.de/pub/linux/misc/suser-vfernand/ rsync://ftp.gwdg.de/pub/linux/misc/suser-vfernand/
and include them into the apt repositories at ftp.gwdg.de.
I have a question... maybe it's not worth to discuss... but I'm concerned with this for a while now.
First of all: I have no problems with Victor becoming an suser or so. I'm using the repositorys of the susers, too. And i like it, that there are a lot of packages you can't get elsewhere.
I have just a Problem with the concept of the suser-trees.
As some susers, I've talked to, told me, it wasn't necessary for them, to disclose their identity or so.
They had not to tell you (or another admin, i don't know...) their real name, nor a copy of the identification card or something like that... the rpms are only gpg-signed, so that it is sure, that someone called suser-xy has built the packages.
I see the problem, that it could be possible, to someone wanting to damage the SUSE community, to build packages with scripts who do rm -rf / or something similar, and if the rpm is given a version-number higher as the ones from SUSE or Packman, a lot (all?) of the apt4rpm-User will get a packages with bad scripts...
And yes, there are a lot of people wanting to damage the linux-communitys. About a year ago, there has been a DDoS - attack with more of 90000 IPs on one of the servers of http://linuxforen.de. I can't really imagine, why someone does things like that, but there were news, that a lot of linux-side-companys were attacked like that, too. For this people, who want to disadvantage linux-community, would be the easiest to upload bad rpms.
I don't know, how this is managed by Debian or other community-projects, or if the packages are checked automatically by some way...
There is no proof against a good guy turning bad some day... Cheers -e -- Eberhard Moenkeberg (emoenke@gwdg.de, em@kki.org)