On Wed, Feb 14, 2007 at 08:09:57PM -0800, snowcrash+spamassassin wrote: > since i certainly trust the project, and DOS' contributions, should i > simply mod my cron jobs to,
> sa-update --allowplugins --channelfile .../DIST-channels.conf > sa-update --allowplugins --channelfile .../SARE-channels.conf > ? > in the first case, its clear to trust ... but in the second (SARE) > case, which channel/author am i actually trusting? DOS, SARE, others? > what do folks here recommend? I would say you should add allowplugins if and only if the following three conditions hold: 1) You trust the channel provider is not malicious 2) You trust that the channel is not going to be compromised by an outside agent (the GPG check is supposed to prevent that, but it's always possible to compromise a GPG key) 3) The channel is known to distribute plugins, and you want to use these plugins by default without checking them first Anyways, that's my opinion, though I'm not nearly as familiar with the update process as Theo is. -- Duncan Findlay
pgpVvNds3MgMZ.pgp
Description: PGP signature
