[PLUG] Re: rpms

Colin Kuskie ckuskie at dalsemi.com
Thu Sep 12 16:31:07 UTC 2002


On Wed, Sep 11, 2002 at 04:39:37PM -0700, Jason Dagit wrote:
> 
> I'm confused.  Are you questioning the safety of using apt, or that of
> installing rpms?  Of course anything could happen, and someone could put
> an exploit into gcc so that it generates backdoors when it compiles.  But
> I think apt is a bit better because you can use the official debian site
> to get all your .debs.

I'm questioning the combination of the two (apt-rpm), but in general
the use of automated downloads and installs.

Tyler's answer pointed out the use of MD5 sums, but for apt-rpm I think
there's only 1 repository (freshrpms.net) so it's a single point of
potential attack.

Colin
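
Added example, not part of the original message: a small Python simulation of the concern above, showing that an MD5 list served by the same repository as the package still matches when that one repository is compromised, while a digest recorded through an independent channel does not. The `Repo` class, package name and payload bytes are constructed for illustration and do not model apt-rpm's actual behaviour.

```python
import hashlib

# Constructed sample data: a genuine package and a modified replacement.
NAME = "example-1.0-1.i386.rpm"
GENUINE = b"example-1.0-1: genuine payload"
TAMPERED = b"example-1.0-1: modified payload"


class Repo:
    """Hypothetical stand-in for one download site serving packages and an MD5 list."""

    def __init__(self, packages):
        self.packages = dict(packages)

    def fetch(self, name):
        return self.packages[name]

    def md5_list(self):
        # The checksum list is produced by whoever controls the site.
        return {n: hashlib.md5(d).hexdigest() for n, d in self.packages.items()}


def check_same_source(repo, name):
    """Verify a download against the MD5 list served by the same repository."""
    data = repo.fetch(name)
    return hashlib.md5(data).hexdigest() == repo.md5_list().get(name)


def check_pinned(repo, name, pinned_sha256):
    """Verify a download against a digest obtained through an independent channel."""
    data = repo.fetch(name)
    return hashlib.sha256(data).hexdigest() == pinned_sha256


def run_demo():
    # Assumption: this digest was recorded out of band, before any compromise.
    pinned = hashlib.sha256(GENUINE).hexdigest()
    healthy = Repo({NAME: GENUINE})
    compromised = Repo({NAME: TAMPERED})  # package and MD5 list both replaced
    return {
        "healthy_same_source": check_same_source(healthy, NAME),
        "compromised_same_source": check_same_source(compromised, NAME),
        "healthy_pinned": check_pinned(healthy, NAME, pinned),
        "compromised_pinned": check_pinned(compromised, NAME, pinned),
    }


if __name__ == "__main__":
    for check, passed in run_demo().items():
        print(f"{check}: {'pass' if passed else 'FAIL'}")
```

The same-source check catches a corrupted download but not a replaced one; only the check anchored outside the repository distinguishes the two cases.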



