On Saturday 24 June 2006 18:51, Jarry wrote: > Anyway, I am still surprised a little. I thought sources > of portage-packages are mirrored on gentoo-mirrors...
They are. If the package has just been added to the tree they may not have reached your mirror yet. If that is not the reason then it is probably a bug. The official mirror should be in the ebuild to tell the mirrors where to fetch it from and as a backup if it cannot be found on the Gentoo mirrors. > It seems to me to be a little "insecure", to download > mod_security from somewhere "from wild" instead of > gentoo-mirrors or homepage. One can not be sure those > sources have not been modified... As long as you don't override a digest verification error you are safe. Beware of those who tell you to override a digest verification error by running: # ebuild $ebuild digest or: # emerge --digest $pkg -- Bo Andresen
pgp0hCifAVI0N.pgp
Description: PGP signature
