Re: How secure is the openSUSE Build Service?



Aniruddha was asking which is safer. There is a difference between 3rd
party repositories and official repositories. If you do not trust the
distribution's official repositories your alternative would be Linux
from Scratch and individually checking source tarballs.

On 11/6/07, Thomas <tom@xxxxxxxxxxxxxxxxxx> wrote:
Only if you assume *every* upstream developer is honest and/or trust the
integrity of the Debian/Gentoo/FreeBSD servers... Hello rsync! ;-)

Am Freitag 02 November 2007 schrieb Eduardo Tongson:
Correct.

Does this mean that a distro that doesn't require 3rd party repositories
(Debian/Gentoo/FreeBSD) is safer?







Relevant Pages

  • Re: How secure is the openSUSE Build Service?
    ... party repositories and official repositories. ... In the case of OSS it doesn't matter ... When you trust several thousands developers around the globe, ... dozens of distribution then *one* additional layer in the distribution ...
    (Focus-Linux)
  • Re: Secrecy and user trust
    ... been that some people at other repositories do personally know and interact ... Your assumption absolutely breaks the trust metric. ... that 3rd party repositories are treated just like any other end-user ... Fedora and get the key on some portable media. ...
    (Fedora)
  • Re: Hash Sum mismatch......
    ... Debian in anyway and in fact can be a possible source of problems. ... You could post any problems with 3rd party repositories to: ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Re: Web of Trust (a revolution)
    ... repositories have their own keys. ... I was talking about the community more, ... Again: promoting GnuPG would promote: ... mutual trust ...
    (Fedora)
  • Re: How secure is the openSUSE Build Service?
    ... party repositories and official repositories. ... In the case of OSS it doesn't matter ... When you trust several thousands developers around the globe, ... that Alice really is Alice. ...
    (Focus-Linux)