-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
<disclaimer>Kevin, I can understand your hesitation to respond directly to me due to your direct relationship to my employer's account. Just for the record, your personal feelings on this thread and mine don't reflect the business relationship between our respective employers. :-) Any discussion or debate we have on this is between you & me as friends, as we have been friends a lot longer than we have been in any business relationship. That said, whether you feel like taking on my points directly or not is up to you and I won't hold it against Red Hat either way.</disclaimer>
On Wednesday, February 26, 2003, at 03:11 PM, Kevin Sonney wrote:
I've been looking at it since initial release Yes, it's cool, but I've never gotten the warm fuzzies from it. I'm not changing my stance *ANY* from my pre-Red Hat days.
Anything in particular about apt-rpm that bugs you? Or just lack of familiarity with it? I mean, are there any specific problems you've heard of to unsettle you or anything like that?
Nowhere does it say that you have to enter valid data. You don't have to
send your system info to Red Hat. It's optional. Check the code. Run
rhn_register and see for yourself. I think there are some assumptions
being made here, and I'd *LIKE* to correct them if possible without
spinning into a flame war.
Well to some extent you are being tracked. You have a valid email address that everything is indexed against. You have information about your currently installed packages being profiled & sent to Red Hat to be indexed against your personal identifier. So while you can elect to not send a hardware profile, you are sending a profile of your installed packages and you are linking it to your personal identifier. Is this an accurate understanding?
You take that risk with a magazine subscription, bank account, credit card, or *ANYTHING* else with your personal information on it.
Sad but true. It's OT otherwise I would tell you about the joy of trying to cash my payroll checks at the bank they were drafted against without having an account at another bank. Oh and to top it all off, I have no permanent residence. To make a long story short, they wouldn't (and still haven't) cashed my checks. I'm debating the idea of taking this to court rather than just getting a bank account, because I really don't want a bank account anymore.
It's all about acceptable risk, right? I don't hear you yelling about using your credit card when you and I know, with a fair amount of certainty, that the credit card company is gathering much more intrusive data and records than Red Hat is.
I stopped using credit cards altogether a couple of years ago.
With less, I might add, certainty as to how it
will be used and by whom. Same goes for a grocery store "discount" card.
*That* was opened under a fake name.
Think on that for a bit.
Already have. ;-)
Anyway, it's all a choice. I'm not saying "my way or else," I'm just presenting an option and some reasons to use up2date.
And that's cool. For what I do, up2date is currently the best option at the office. It's far from ideal, being too much like a "Windows Update for Linux" than the heterogeneous package management tool that I really want.
Correct. I never disputed that. But you *DO* have to trust the source of
the updates. Unless you verify GPG sigs on all packages (which I'm
fairly sure apt-rpm does by default, right?), there's no guarontee that
*ANY* repository is giving you valid packages.
Ummm I could be mistaken but I think up2date *is* verifying GPG sigs (kudos).
Because apt4rpm wasn't mature enough at the time. It's still, by enterprise standards, experimental.
I wouldn't say that. I would say that it is not, by design, an enterprise package management tool. It is intended for the end user of an individual workstation to use to manage package installation & dependencies. It is not meant at all for centralized management by an IT organization like up2date/rhn.
Convince the distro maintainers to use it, and we'll see.
Unlikely. A totally free system would threaten RHAT's revenue stream from the rhn service. Not complaining, just pointing out that RHAT's primary responsibility is to its shareholders *not* to the customers as some fool themselves into believing.
Prove that it can do what RHN does (hundreds of concurrent transactions with server-side dependency resolution), and maybe I can get someone over here to look at it.
Honestly, if there were a Free system that did everything RHN did, Red Hat would be very scared of it and would have to scramble to find a new source of revenue to replace the doomed RHN before it starts to hurt.
Chris Hedemark PGP/GnuPG Public Key at http://yonderway.com/chris/hedemark.gpg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin)
iD8DBQE+XSfdYPuF4Zq9lvYRAilcAKCoc/M3CYnYUahngTVnX8R6jL7KTwCggMPw v6NYeVLhPVocmD99RgfUVtw= =mvrU -----END PGP SIGNATURE-----
_______________________________________________ TriLUG mailing list http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ: http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
