From: Alexey Nogin (ayn2@cornell.edu)
Date: Thu May 25 2000 - 14:45:54 EDT
On Thu, 25 May 2000, Daniel Veillard wrote:
> since people using sources are usually concerned
> with security
>
Are you sure? Another big reason to look for sources is to be able to
recompile them on a different version of RedHat (with different versions
of the libraries) and/or use the spec file and patches from it to compile
a newer version.
> I do point to the origin server for those SRPMS . In taht case it is:
> ftp://contrib.redhat.com/pub/contrib/libc6/SRPMS/napster-0.201-1.src.rpm
>
Now, this is a really strange idea. There is no reason to trust contrib
SRPMS unless they are signed by some trusted key. And if they are signed,
then it does not matter where to download them. And the "official" RedHat
SRPMS (other than Rawhide ones) are always signed, so again it does not
matter where to download them. I am afraid the only thing you are doing
here is sending people to very overloaded and slow RedHat servers instead
of sending them to your (much faster) mirror.
Please consider pointing people to your mirror for SRPMs.
Alexey
--------------------------------------------------------------
Home Page: http://nogin.org/
E-Mail: nogin@cs.cornell.edu (office), ayn2@cornell.edu (home)
Office: Upson 4139, tel: 1-607-255-4934
This archive was generated by hypermail 2b29 : Thu May 10 2001 - 18:40:12 EDT