|
Focus on Linux
Re: How secure is the openSUSE Build Service? Nov 02 2007 01:55AM Eduardo Tongson (propolice gmail com) (1 replies) Re: How secure is the openSUSE Build Service? Nov 06 2007 07:40AM Thomas (tom electric-sheep org) (2 replies) Re: How secure is the openSUSE Build Service? Nov 07 2007 01:18AM Eduardo Tongson (propolice gmail com) (1 replies) Re: How secure is the openSUSE Build Service? Nov 07 2007 06:16AM Thomas (tom electric-sheep org) (1 replies) Re: How secure is the openSUSE Build Service? Nov 07 2007 07:52PM Greg Metcalfe (metcalfegreg qwest net) (1 replies) |
|
 Privacy Statement |
> Only if you assume *every* upstream developer is honest and/or trust the
> integrity of the Debian/Gentoo/FreeBSD servers... Hello rsync! ;-)
>
I have to disagree. Trusting every upstream developer, and all the admins who
maintain the systems (build farms, download servers, etc.) is clearly
impossible. Both groups are largely unknown to end users.
Far more important is the level of trust you place in the integrity with which
the project is run. If a download server is compromised (which has happened)
are the admins both skilled and forthcoming about fixing the problem, and
communicating what packages might be at risk? Is a software project developer
community careful about how they evaluate patches, do they reliably backport
patches against a development release to their stable release when it's
appropriate, etc.
In general terms, trust isn't binary, but a continuum, and I'd regard a
well-run distribution with no third-party repositories as safer.
> Am Freitag 02 November 2007 schrieb Eduardo Tongson:
> > Correct.
> >
> > > Does this mean that a distro that doesn't require 3rd party
> > > repositories (Debian/Gentoo/FreeBSD) is safer?
[ reply ]