On 5/18/20 4:54 AM, Nico Kadel-Garcia wrote:
On Mon, May 18, 2020 at 2:13 AM Akemi Yagi <[email protected]> wrote:
On Sun, May 17, 2020 at 8:18 PM Yasha Karant <[email protected]> wrote:
I have found gscan2pdf on the NUX repo, but installing this repo
evidently will add and replace many utilities, etc., that may not be
wise. gscan2pdf runs fine on Ubuntu 18 LTS as I just put in on my
wife's 2-in-1 that does not have tablet write-on support under SL 7 as
far as I can determine. Is there any SL 7.8 compatible gscan2pdf that
works?
Take care. Stay safe.
Yasha Karant
I've been using gscan2pdf from the nux-dextop repository without any
issue. Also, this repository, together with EPEL, should not overwrite
any base package.
Akemi
I'm personally reluctant to trust third party RPM repositories from
Romania, they have a very active and abusive cracker community.but the
SRPM from
https://urldefense.proofpoint.com/v2/url?u=https-3A__li.nux.ro_download_nux_dextop_el7_SRPMS_gscan2pdf-2D1.2.5-2D2.el7.nux.src.rpm&d=DwIBaQ&c=B_W-eXUX249zycySS1AyzjABMeYirU1wvo9-GmMObjY&r=Z7xHp2tIJsvAE2FtPxl_lynvf4hA_FJ8mKsaIgvY6Dk&m=knBIe0JxmSUI-af995EwuorG9qw79W1SDujA9o1-DW4&s=KAdL127uDliK692ZlpFMVwEGC9HREwkQ80agoYvObHc&e=
looks clean and builds well.
Niko.
If you are building from a src RPM, unless you read the source code or
have a very good automaton code scanner (as done by some of the
clandestine and other security agencies), how do you know that there is
no "malware" embedded in the source? For example, a "clean" source may
require the use of a compromised library or (in the cases of fork and
exec) executable, unless no related RPMs (or DEB, etc.) come from the
repo that may be questionable. Akemi indicates no problem from
experience, but does Akemi have safeguards and "sniffers" running that
would detect an inappropriate packet being transmitted (that might
contain root password or other "sensitive" information)?
If you have built the RPM and are reasonably confident that it is
"clean", could you kindly post or supply the exact build script that you
used, including any other RPMs that are required but that come from
trusted repos?
I generally trust SL (and EPEL, ElRepo, Oracle, Canonical, Mozilla,
Libreoffice, etc.), but I get worried about repos and sources from
nation-states or entities with large scale compromise organizations
(e.g., professional "organized criminial" enterprises or clandestine
services "backdoors").
Take care. Stay safe.
Yasha Karant
