|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] trusting linux packages
|
On 12/09/2009 02:39 PM, Chad Waters wrote:
> Its a different scenario, but this is why I cringe when I see a
> sources.list with 10 random unofficial repositories.
>
Yup - it is a real tradeoff. On Gentoo there has been talk about
whether having more support for packages outside of the main repository
would help distribute development, but in order for something like that
to work you'd have to almost have some way of rating repositories in
terms of quality and auditing them.
I'm not aware of any distros that have managed to have
officially-sanctioned repositories not under the direct control of the
distro.
Personally, while I might accept the odd package from an unusual source,
I'm not going to give just anybody the ability to publish apps that are
going to get automatically installed.
Google has actually been making several moves in this direction. For
example, their latest android SDK is not distributed as an installable
package - instead they distribute what is essentially a package manager
that installs it. Since the android SDK doesn't have a free
redistribution license distros can't package it up and maintain it
within their own package management systems. At best you can only
install the SDK installer without mirroring it.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|