Richard Freeman on 10 Dec 2009 11:05:44 -0800
On 12/10/2009 08:01 AM, Art Alexion wrote:
> This presents a difficult dilemma in *how* you establish that initial trust.
>

Yup. For the ultra-paranoid many distros give you the ability to essentially define your own repository, so you can just add one particular package to it (snapshotted in time). That is essentially no less safe than just doing a full manual install if you've audited that package. The downside is that you don't get updates of any kind (security included), so be sure to subscribe to the appropriate lists. The advantage over a manual install is you get any package-manager features like easy uninstalls, dependency management, and protection from file collisions (maybe).

I imagine that most distros also let you prioritize repositories, so that when you get davmail from Joe Smith you don't also get his latest build of glibc.

However, if you want the Debian stable experience, then you're going to have to stick with whatever is in Debian stable. NOBODY else I'm aware of provides anything like this otherwise.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug