SecurityFocus

Re: How secure is the openSUSE Build Service? Nov 02 2007 01:55AM
Eduardo Tongson (propolice gmail com) (1 replies)

Re: How secure is the openSUSE Build Service? Nov 06 2007 07:40AM
Thomas (tom electric-sheep org) (2 replies)

Re: How secure is the openSUSE Build Service? Nov 07 2007 01:18AM
Eduardo Tongson (propolice gmail com) (1 replies)

Re: How secure is the openSUSE Build Service? Nov 07 2007 06:16AM
Thomas (tom electric-sheep org) (1 replies)

Am Mittwoch 07 November 2007 schrieb Eduardo Tongson:
> Aniruddha was asking which is safer. There is a difference between 3rd
> party repositories and official repositories. If you do not trust the
> distribution's official repositories your alternative would be Linux
> from Scratch and individually checking source tarballs.

Which is - of course - very impracticable. :)

I think it is *not* less secure. In the case of OSS it doesn't matter
anymore. When you trust several thousands developers around the globe,
hundreds of CVS, SVN, rsync, FTP, HTTP servers used for development and
dozens of distribution then *one* additional layer in the distribution
process doesn't really matter.

It is a matter of trust and not a matter of security.

--
Tom <tom (at) electric-sheep (dot) org [email concealed]>
fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF

[ reply ]

Re: How secure is the openSUSE Build Service? Nov 07 2007 07:52PM
Greg Metcalfe (metcalfegreg qwest net) (1 replies)

Re: How secure is the openSUSE Build Service? Nov 12 2007 09:39AM
Thomas (tom electric-sheep org)

Re: How secure is the openSUSE Build Service? Nov 06 2007 07:41PM
Greg Metcalfe (metcalfegreg qwest net)