On Sun, 23 Jan 2011, Nico Kadel-Garcia wrote: > To: CentOS mailing list <centos@xxxxxxxxxx> > From: Nico Kadel-Garcia <nkadel@xxxxxxxxx> > Subject: Re: tcptrack for Centos 5.5 32bit rpm > > On Sun, Jan 16, 2011 at 4:07 PM, Keith Roberts <keith@xxxxxxxxxxxx> wrote: >> Hi list. >> >> I have rebuilt tcptrack now. >> >> You can get it from here: >> >> http://www.karsites.net/centos/downloads/5.5/tcptrack-1.3.0-1.el5.i386.rpm > > Oh, boy. Keith? We may love you and think you're cool and your tools > handy, but we have *no idea* of the safety or reliability of your > source code. Please be sure to publish your SRPM with it. If you don't > do this, you may also run afoul of the GP. (I just checked: the > current tcptrack is under GPLv2). The home page is at > http://www.rhythm.cx/~steve/devel/tcptrack/ > > To avoid this kind of problem, I suggest you take a look at > http://rpm.pbone.net/ to see if there are RPM's for your particular OS > when writing packages. Sure enough, version 1.4.0 is available at > RPMforge. And RPMforge is very amenable to adding interesting > packages, and pretty good about checking packages for their > provenance: I've been submitting .spec files packages there for quite > some time. > >> It's not signed, so to install it with yum as root user, do: >> >> # yum localinstall --nogpgcheck tcptrack-1.3.0-1.el5.i386.rpm > > Please don't! You've not published source code for this, and a network > monitoring tool built without good provenance is begging to send > interesting packets offsite to an unknown repository. Not that you've > done this, Keith, but as a general approach, random software packages > off the net should be reviewed before installation. > > It's right in RPMforge, which has source code and a more recent > version. I personally install the rpmforge-release package, then > disable default access to it to protect my base systemm from conflicts > with EPEL or the base OS, and pick and choose packages as necessary. > (The subversion and rsync updates are very useful.) Hi Nico. Thanks for all those tips :) Yes, that's what I do with 3rd party repos as well. I have pulled the plug on tcptrack-1.3.0-1.el5.i386.rpm, and all that's left now is: 2317 Dec 19 13:16 Fedora6-GPG-public-key.asc 148276 Jan 23 16:23 qps-1.9.18~6.src.rpm 187376 Dec 19 13:13 qps-1.9.18~.i386.rpm I got the qps source from Fedora's koji site. The F6 public key is for anyone else that wants to rebuild qps - maybe for a different linux distro. I do intend to set up a proper 3rd party repo for Centos, as soon as I have the time to read up on things. Kind Regards, Keith ----------------------------------------------------------------- Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] ----------------------------------------------------------------- _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos