Michael Tokarev ?????: > Divick Kishore wrote: >>> Also I am not sure that as such packages __should__ not be downloaded >>> from any unknown site but only from trusted debian mirrors. Am I not >>> open to any security issues in case I install the package downloaded >>> from www.corpit.ru? >> Or in fact downloaded from any other site pointed out by someone on >> the mailing list. Why should / should not trust packages downloaded >> from non standard debian mirrors? > > Well, it's your choice really. > > I maintained kvm (and later qemu-kvm) package for debian for a long > time because the one in debian is too old to be usable. It was a long > way before I was able to communicate with debian maintainer, and now > I co-maintain it -- there is qemu-kvm-0.11.1 in -testing now, but it > depends on many other libraries in -testing. For over a year kvm in > debian was unusable - so much for trusted/standard mirrors. By the way, it's no more risk when you grab any other software and run it on your machines. Like for example kvm from official sources (and compile it) -- did you check for trojan horses and the like in the source? > As of the error you've got -- you're the first to report it, apparently > no one else noticed that it depends on a single package that is not in > lenny -- it's libgnutls26. You can install this library from -testing > or wait till I re-upload new version to www.corpit.ru. Uploaded, still 0.11.0 - I have no time right now to update to 0.11.1 or 0.12 (and the latter is quite unstable anyway). But 0.11.0 is a good version. Grab qemu-kvm_0.11.0+dfsg-1tls2_amd64.deb or qemu-kvm_0.11.0+dfsg-1tls2_i386.deb depending on your arch. /mjt -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
