
BLU Discuss list archive



Fwd: Etch



Kristian Hermansen wrote:
> Universe and multiverse are not enabled by
> default, but they are hosted by the Ubuntu repositories.  This means
> you can trust your source, for the most part.  With Red Hat/FC, I
> always needed to add repositories not hosted by the official FC repos,
> and that's very dangerous.

Well, it's not inherently dangerous.  It does require you to trust people
from different organizations though.

> You can't always trust those packages which have been built and offered
> by third parties.

That's true, but if you can establish trust with the third party, then you
can be just as confident as you are in "official" repos.

> In any event,
> default Ubuntu install still has your FC6 beat hands down on the quite
> incorrect "wc -l" test...
> 
> # aptitude search ~n | wc -l
> 6265
> 
No it doesn't.  From a couple emails ago:
Matthew Gillen wrote:
> Running that command on FC6 (with the Livna repo disabled so only the
> default-installed repos are counted) yields 6797 packages.

> Who's to say that your third-party repo will stick around for the life
> of your distro?

Fair enough.  But if the software is used by enough people, there's sure to
be a replacement soon.  Or there's already more than one third-party.

> insecure repositories.  Heh, maybe I should just set up my own Fedora
> repository and get tons of its users to trust me, then one day, once
> I have 50,000 users, change the acroread package post install script
> to ping -f some servers.  You see, I would be wary of third-party
> repositories.  I learned that lesson a long time ago!

Getting that many users would require a lot of time and effort (users expect
high availability, quality packages, quick fixes when your updates break
things, etc).

Liken it to getting commit access to the Ubuntu (or BSD for that matter)
code repositories: you could do the same thing if you earned people's trust
by doing useful things for a long time.  The amount of effort to position
yourself that way would almost certainly outweigh however much money you
could make from the one chance you'd get to DOS someone.

Matt






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
