On Mon, May 18, 2020 at 7:15 PM Yasha Karant <[email protected]> wrote:
>
> On 5/18/20 4:54 AM, Nico Kadel-Garcia wrote:
> > On Mon, May 18, 2020 at 2:13 AM Akemi Yagi <[email protected]> wrote:
> >> On Sun, May 17, 2020 at 8:18 PM Yasha Karant <[email protected]> wrote:
> >>> I have found gscan2pdf on the NUX repo, but installing this repo
> >>> evidently will add and replace many utilities, etc., that may not be
> >>> wise. gscan2pdf runs fine on Ubuntu 18 LTS as I just put in on my
> >>> wife's 2-in-1 that does not have tablet write-on support under SL 7 as
> >>> far as I can determine. Is there any SL 7.8 compatible gscan2pdf that
> >>> works?
> >>>
> >>> Take care. Stay safe.
> >>>
> >>> Yasha Karant
> >> I've been using gscan2pdf from the nux-dextop repository without any
> >> issue. Also, this repository, together with EPEL, should not overwrite
> >> any base package.
> >>
> >> Akemi
> > I'm personally reluctant to trust third party RPM repositories from
> > Romania, they have a very active and abusive cracker community, but the
> > SRPM from
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__li.nux.ro_download_nux_dextop_el7_SRPMS_gscan2pdf-2D1.2.5-2D2.el7.nux.src.rpm&d=DwIBaQ&c=B_W-eXUX249zycySS1AyzjABMeYirU1wvo9-GmMObjY&r=Z7xHp2tIJsvAE2FtPxl_lynvf4hA_FJ8mKsaIgvY6Dk&m=knBIe0JxmSUI-af995EwuorG9qw79W1SDujA9o1-DW4&s=KAdL127uDliK692ZlpFMVwEGC9HREwkQ80agoYvObHc&e=
> > looks clean and builds well.
> Niko.

Agggh!!!! It's Nico! "Niko" is the name of a very friendly malamute on
Youtube who plays with a baby a lot. "Nico" is the Cuban shortening of
"Ignacio".

> If you are building from a src RPM, unless you read the source code or
> have a very good automaton code scanner (as done by some of the
> clandestine and other security agencies),

Binary RPMs from people I don't know or have strong confidence in
their history, such as Scientific Linux, should be treated
skeptically. You can hide a *lot* more nonsense in them by compiling
from source other than the SRPM. I've seen developers do this when
they didn't want to reveal their secrets, they used "nosrc" RPM
building techniques or built the SRPM from different source than their
RPMs. For Romanian hosts.... they have an active cracker community
there that has a fairly bad reputation.

> no "malware" embedded in the source? For example, a "clean" source may

I don't without a review. Sourceforge is pretty good about exposing
code and building tarballs from *that*, so hosting on Sourceforge gets
them a few brownie points. I didn't have time yet, nor was I planning
on spending time, to review this source tarball.

> If you have built the RPM and are reasonably confident that it is
> "clean", could you kindly post or supply the exact build script that you
> used, including any other RPMs that are required but that come from
> trusted repos?

I publish dozens of RPM building wrappers, such as the Makefile and
.gitignore associated with
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nkadel_nkadel-2Dgit226-2Dsrpm&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=Hiw5XLVZkcBPm98Gp1evBAsvE2ZYq1gfqUQaz81_1jA&s=2byDHtV24HrvsWgrO6szuyaoGXpHeWRdU3oaOlobcKg&e=
. Do feel free to play with those, I use the same structure for many
other git repos to build RPMs and SRPMs.

> I generally trust SL (and EPEL, ElRepo, Oracle, Canonical, Mozilla,
> Libreoffice, etc.), but I get worried about repos and sources from
> nation-states or entities with large scale compromise organizations
> (e.g., professional "organized criminal" enterprises or clandestine
> services "backdoors").

Well, yes. It's why I disagree with a former colleague who gushed
about how easy it was in his Ubuntu environments to just add apt
repositories from anywhere, and proceeded to do so.
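
Added example (not part of the original message, and not taken from the build wrappers it links to): a small Python check for the "nosrc" case described above, run over the spec file extracted from an SRPM. The sample spec, package name and URL are constructed, and treating a Source entry without a URL as unverifiable is this example's own heuristic.

```python
import re

# Constructed spec excerpt for illustration; not the real gscan2pdf spec.
SAMPLE_SPEC = """\
Name:      exampletool
Version:   1.0
Source0:   https://downloads.example.org/exampletool-%{version}.tar.gz
Source1:   exampletool-extras.tar.gz
Source2:   vendor-blob.bin
NoSource:  2
Patch0:    exampletool-paths.patch
Patch1:    vendor-fixes.patch
NoPatch:   1
"""

FILE_TAG = re.compile(r"^(Source|Patch)(\d*)\s*:\s*(\S+)", re.I)
WITHHELD_TAG = re.compile(r"^No(Source|Patch)\s*:\s*(.+)$", re.I)

def audit_spec(text):
    """Return (tag, finding, value) tuples for inputs a reviewer cannot check."""
    files, withheld = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        m = WITHHELD_TAG.match(line)
        if m:  # NoSource/NoPatch: the file is left out of the source package
            for num in re.split(r"[,\s]+", m.group(2).strip()):
                if num.isdigit():
                    withheld.add((m.group(1).lower(), int(num)))
            continue
        m = FILE_TAG.match(line)
        if m:  # a bare "Source:" is the same as Source0
            files[(m.group(1).lower(), int(m.group(2) or 0))] = m.group(3)
    findings = []
    for (kind, num), value in sorted(files.items()):
        if (kind, num) in withheld:
            findings.append((f"{kind}{num}", "withheld", value))
        elif kind == "source" and "://" not in value:
            # Assumption of this example: no URL means nothing upstream to diff against
            findings.append((f"{kind}{num}", "no-upstream-url", value))
    return findings

if __name__ == "__main__":
    for tag, finding, value in audit_spec(SAMPLE_SPEC):
        print(f"{tag:8} {finding:16} {value}")
```

A "withheld" finding means the binary RPM was built with a file the source package does not ship, so reading the SRPM alone cannot account for what was compiled.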
