Re: How secure is the openSUSE Build Service?
- From: Greg Metcalfe <metcalfegreg@xxxxxxxxx>
- Date: Tue, 6 Nov 2007 11:41:47 -0800
On Monday 05 November 2007 11:40:05 pm Thomas wrote:
Only if you assume *every* upstream developer is honest and/or trust theI have to disagree. Trusting every upstream developer, and all the admins who
integrity of the Debian/Gentoo/FreeBSD servers... Hello rsync! ;-)
maintain the systems (build farms, download servers, etc.) is clearly
impossible. Both groups are largely unknown to end users.
Far more important is the level of trust you place in the integrity with which
the project is run. If a download server is compromised (which has happened)
are the admins both skilled and forthcoming about fixing the problem, and
communicating what packages might be at risk? Is a software project developer
community careful about how they evaluate patches, do they reliably backport
patches against a development release to their stable release when it's
In general terms, trust isn't binary, but a continuum, and I'd regard a
well-run distribution with no third-party repositories as safer.
Am Freitag 02 November 2007 schrieb Eduardo Tongson:
Does this mean that a distro that doesn't require 3rd party
repositories (Debian/Gentoo/FreeBSD) is safer?
- Prev by Date: Re: How secure is the openSUSE Build Service?
- Next by Date: Re: How secure is the openSUSE Build Service?
- Previous by thread: Re: How secure is the openSUSE Build Service?