Please remove reference or explain

Date view	Thread view	Subject view	Author view

From: Daniel Veillard (Daniel.Veillard@w3.org)
Date: Mon Dec 18 2000 - 08:08:06 EST

Next message: Daniel Veillard: "Re: Please remove reference or explain"
Previous message: Ronan Waide: "ignoring my distribution ratings? (also: archive of this list?)"
Next in thread: Daniel Veillard: "Re: Please remove reference or explain"
Maybe reply: Daniel Veillard: "Re: Please remove reference or explain"

Thanks for the link, but no thanks for the doubts :-((

http://www.monkey.org/%7Edugsong/dsniff/faq.html
--------
(see rpmfind.net for untrusted, potentially-trojaned binary RPMs).
--------

WTF !!!

First:
   - I also carry and indexes source RPMs
   - All decent distributions PGP sign their packages, if you don't
     trust rpmfind just check with the distribution keys !

Second, If you have *any* reason to assert I may carry trojaned RPMs
*please* detail.
I rsync directly from the original sources (when available but again some
distro are bad in this respect) and do at least once a day.
I don't think I have been cracked so far.
I have never heard of anybody telling I did carry such a trojan.
I understand that people should be aware that downloading packages (source
or binary it doesn't matter !), they should verify they have not been
trojaned, but without PGP or associed signature in place there is no
way to check. I am trying to build an infrastructure that would allow to
also lookup easilly PGP and GPG keys for the authors. I understand that
people should be warned.
But I don't understand why this should be specifically stated about
rpmfind. If you don't like the service please go elsewhere, and avoid
spreading FUD on my service just because it happen to be available (I
think the acronym applies in this use case). If you want to assert one
should not install RPMs blindly, then the useful message to carry is to
tell people to have their distribution key installed and simply check
the packages with rpm --checksig, this have weight and this is useful !

Please take this in consideration,

Daniel

-- 
Daniel.Veillard@w3.org | W3C, INRIA Rhone-Alpes  | libxml Gnome XML toolkit
Tel : +33 476 615 257  | 655, avenue de l'Europe | http://xmlsoft.org/
Fax : +33 476 615 207  | 38330 Montbonnot FRANCE | Rpmfind search site
 http://www.w3.org/People/all#veillard%40w3.org  | http://rpmfind.net/

Next message: Daniel Veillard: "Re: Please remove reference or explain"
Previous message: Ronan Waide: "ignoring my distribution ratings? (also: archive of this list?)"
Next in thread: Daniel Veillard: "Re: Please remove reference or explain"
Maybe reply: Daniel Veillard: "Re: Please remove reference or explain"

Date view	Thread view	Subject view	Author view

This archive was generated by hypermail 2b29 : Thu May 10 2001 - 18:40:13 EDT