Re: How secure is the openSUSE Build Service?
- From: Thomas <tom@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 7 Nov 2007 07:16:49 +0100
Am Mittwoch 07 November 2007 schrieb Eduardo Tongson:
Aniruddha was asking which is safer. There is a difference between 3rd
party repositories and official repositories. If you do not trust the
distribution's official repositories your alternative would be Linux
from Scratch and individually checking source tarballs.
Which is - of course - very impracticable. :)
I think it is *not* less secure. In the case of OSS it doesn't matter
anymore. When you trust several thousands developers around the globe,
hundreds of CVS, SVN, rsync, FTP, HTTP servers used for development and
dozens of distribution then *one* additional layer in the distribution
process doesn't really matter.
It is a matter of trust and not a matter of security.
--
Tom <tom@xxxxxxxxxxxxxxxxxx>
fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF
- Follow-Ups:
- Re: How secure is the openSUSE Build Service?
- From: Greg Metcalfe
- Re: How secure is the openSUSE Build Service?
- References:
- How secure is the openSUSE Build Service?
- From: Aniruddha
- Re: How secure is the openSUSE Build Service?
- From: Thomas
- Re: How secure is the openSUSE Build Service?
- From: Eduardo Tongson
- How secure is the openSUSE Build Service?
- Prev by Date: Re: How secure is the openSUSE Build Service?
- Next by Date: Re: How secure is the openSUSE Build Service?
- Previous by thread: Re: How secure is the openSUSE Build Service?
- Next by thread: Re: How secure is the openSUSE Build Service?
- Index(es):
Relevant Pages
|
|
