-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On April 17, 2004 08:15, Nick W wrote: > I got Gentoo back up and running.
hooray! =) > packages with no problems. They are addressing the signing issues, which is > an issue with RPMs and DEBs anyways, because they dont have everything on > the CDs. If you want firefox, for example, you need the unsigned RPM off > the net. many projects do provide GPG signed packages, however. take a look at the KDE ftp repository, as just one example. saying that because some other project is similarly broken makes it all OK is not exactly logical. we hold others (e.g. Microsoft) to a higher standard than this, don't we? moreover, 3rd party software you download and install is a VERY different proposition than the kernel, compiler, etc... that you install as part of your OS. what most galling is that this is not difficult to do, and that this provides a level security that can not be achieved elsewise. it's already bitten Gentoo once, so it isn't theoretical. and if they weren't fixing it, it would bite them again. honestly, i understand how and why you love Gentoo. i've had some good experiences with it myself and i work with a guy who is a Gentoo fa. but sluffing aside problems like this, especially ones as severe as this, is not great practice IMHO. not only should we desire and demand better and safer technologies for ourselves but if we make excuses for our own sloppiness, that opens the way for those who would disparage Free Software a to have a veritable field day with us. > Plus MDK10 still won't make my sound work out of the box, so I end > up kernel-compiling anyways. which you can do using their GPG signed sources. or the official GPG kernel sources, for that matter. ;-) > Then theres the issue of binary-bloat, > 1500 drivers on my machine that I don't need. Blah. which is orthogonal to the issue of safety and security. =) - -- Aaron J. Seigo GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43 while (!horse()); cart(); -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQFAheBa1rcusafx20MRAlSvAJ45ALVsiZkHetiVqnh0zXuMwTZ8fwCePkcZ g5NbFK+RsPJAkqCjQr6f83s= =Tmo1 -----END PGP SIGNATURE----- _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
