Darian Lanx <[EMAIL PROTECTED]> wrote: > David R. Morrison wrote: > > > > > I'm not sure if you realize this, but all of the mirrors you have recruited > > recently were not being used by anyone (other than a few Fink developers > > who use CVS), because the list of mirrors is only updated when the package > > manager is updated. > > > I know and I addressed this several times in Channel. Justin has the > "mirror" module which adresses this issue on a more global scale as far > as I understood. He was going to update it to HEAD as soon as his SHLIBS > stuff is in. >
I didn't realize that Justin intended to work on this more. The CVS module he was using had been inactive for almost a year. I'm not sure in what sense Justin's implementation was "more global" than mine. Anyway, I saw a need, and I implmeneted it. It's done now. > > The security of the current system is no different than the security of > > the previous system. The list of mirrors is kept in CVS, and released > > as a fink package with an MD5 sum for the tarball. > My concern still remains. As I pointed out, I never thought the system > to be secure in the first place, thus it wasn't too bad that not many > were relying on it yet. Wew should have solved the security issues > before making this accessable to the broad public and thuis increasing > the risk involved with this system. > > I'll see to it, that I get GnuPG signing operational as soon as possible I'm not sure I understand your security concern here. The only people who can change the mirror lists that the average fink user gets are the people who can release source files using the SF file release system. That list consists of the fink core developers and one or two others. Could you please summarize the security of fink as you see it, and explain where we need improvement? I'd be happy to help improve things. -- Dave ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
