Yum failing me...
Paul Howarth
paul at city-fan.org
Fri Jul 29 07:09:05 UTC 2005
On Thu, 2005-07-28 at 16:25 -0400, Tony Nelson wrote:
> At 6:26 PM +0300 7/28/05, Dotan Cohen wrote:
> >...Tell me, how carefully watched are the people who maintain
> >packages in, say, extras? Can these repros really be trusted in that
> >sense? I guess that I am, in a way, letting the maintainers of the
> >repros add anything that they like to my system- I don't have the
> >knowledge to go over every last package, and as a home user, I do not
> >plan on aquiring that knowledge.
>
> Put another way, are there any known cases where a packager for a major
> distro or repo has acted with malicious intent? (I'm also curious about
> this.)
Not that I know of, but I do recall issues with the ftp servers for
major bits of software being compromised and the source code being
tampered with there. That's why it's a good idea always to check GPG
signatures when provided for tarballs you may download.
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the fedora-list
mailing list