[ale] Safe apt-get repositoris
Dow Hurst
dhurst at kennesaw.edu
Fri Jun 18 17:59:10 EDT 2004
I needed a video player badly yesterday to check a movie of an MD simulation
and RH9 comes with no video players. So I went searching and used
ayo.freshrpms.net to get apt and then mplayer. Worked like a charm and even
played an encrypted DVD I had handy to check with. Since the encryption can't
be distributed from within the US but the guy's site has a GPG key available,
then I should have checked the signature. However, the site resolves to an
.ie network and may or may not be trustable. At least my point here is that
the good stuff people might want may not be distributed thru the safest of
channels. I guess if you could find out the background of the person who is
making the repository available, then that could help alot. I could have
checked if they were well known in the Linux community or Open Source
community and had a good rep.
I like the Gentoo idea overall since you download the source and compile it.
It less likely someone would expect to get away with compromising source code,
especially if apt-get checks the signatures from an alternate trusted server.
Sorry for rambling but I got really excited over the ease of the mplayer
install and also how it was a fully enabled mplayer. To do this on SuSE
manually requires entering rpm hell by downloading a bunch of rpms from a
particular site and installing in the right order, just like Redhat would
require. I'd like to find apt-get repositories that were very complete,
trustable, and had fully enabled sources.
Do Gentoo repositories have the decoding DVD library and all the codecs for
mplayer or xine in the sources?
Dow
Michael D. Hirsch wrote:
> On Friday 18 June 2004 03:53 pm, Dow Hurst wrote:
>
>>I have finally had a chance to use apt-get on a RH9 workstation. However,
>>my question is how can you know that the repository is a safe one with
>>binaries that are trustable? Now, I am not asking how to secure a computer
>>and I don't want to rehash how the only secure computer is one with no
>>connections and so on ad infinitum.... ;-)
>>
>>I guess I am really asking where the best/safest repositories are for
>>Redhat?
>
>
> I can't really vouch for the safety of these, but I like 'em:
>
> # Fedora stable repository for Red Hat 9
> rpm http://download.fedora.us/fedora/ redhat/9/i386 stable os updates
> rpm-src http://download.fedora.us/fedora/ redhat/9/i386 stable os updates
>
> # Red Hat Linux 9
> rpm http://apt.freshrpms.net/ redhat/9/i386 freshrpms
> rpm-src http://apt.freshrpms.net/ redhat/9/i386 freshrpms
>
> ## kde-redhat repository(s) for Red Hat 9 (yes, *4* lines)
> rpm ftp://apt.kde-redhat.org/apt fedora/9 stable
> rpm ftp://apt.kde-redhat.org/apt fedora/all stable
> rpm ftp://apt.kde-redhat.org/apt kde-redhat/9 stable
> rpm ftp://apt.kde-redhat.org/apt kde-redhat/all stable
>
> --Michael
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
--
__________________________________________________________
Dow Hurst Office: 770-499-3428 *
Systems Support Specialist Fax: 770-423-6744 *
1000 Chastain Rd. Bldg. 12 *
Chemistry Department SC428 Email: dhurst at kennesaw.edu *
Kennesaw State University Dow.Hurst at mindspring.com *
Kennesaw, GA 30144 *
************************************************************
This message (including any attachments) contains *
confidential information intended for a specific individual*
and purpose, and is protected by law. If you are not the *
intended recipient, you should delete this message and are *
hereby notified that any disclosure, copying, distribution *
of this message, or the taking of any action based on it, *
is strictly prohibited. *
************************************************************
More information about the Ale
mailing list