On Mon, 2003-04-28 at 15:08, Joe Klemmer wrote: > On Mon, 2003-04-28 at 03:25, Klaasjan Brand wrote: > > > > RHN provides some nice features if you need to use them. But most > > > people don't need them. Use apt-get/synaptic and have no worries. > > > > Use apt-get and let someone else have root access on your machine. You > > are aware that every rpm you install can contain scripts which run as > > root? It's just a question of who you trust more, Red Hat or the > > freshrpms (+ every other apt source you specify) people... > > I'd trust Matthias' rpms as much as those from RHN. But I've had > experience with him as a RH mirror. It's true that there's a very real > security issue with how rpm works but freshrpms and falshope have been > quite reliable over the years. I'm not trying to make freshrpms look bad, as I'm a happy user myself ;) but I triggered on the "no worries" a few posts back. I think everyone should at least make a conscious decision before adding "untrusted" binaries to their system. Anyway, I tend to trust Redhat a bit more since they have commercial interests in keeping their distribution "clean". I don't expect anybody in the open-source community trying to install back doors on systems, but who guarantees some rpm server far away won't be hacked into? -- Klaasjan Brand <kjb@xxxxxx>
