[arch-projects] mBira project

Jason Chu jason at archlinux.org
Wed Jun 1 23:36:25 EDT 2005

On Wed, Jun 01, 2005 at 08:20:57PM -0600, Dusty Phillips wrote:
> > 
> > A personal repo is usually run by a single person.  It's fairly easy to
> > say if you trust that one person's packages or not.
> > 
> > By using a personal repo, I'm implicitly trusting the maintainer of that
> > repo.  By using a automatic-package-installing AUR, I'm implicitly trusting
> > anyone with enough brains to create an AUR account.
> > 
> Yes, but using a semi-automatic package-installing AUR allows me to
> install from the PKGBUILD after I've reviewed it for saneness. The
> thing I don't like about binary repos is having to maintain them all
> in pacman.conf... when it gets down to one repo per package, that
> sucks.
> Dusty

Right, but I wasn't talking to you... or about that.

I was responding about the "security" answer...


If you understand, things are just as they are.  If you do not understand,
things are just as they are.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://archlinux.org/pipermail/arch-projects/attachments/20050601/52a5fe41/attachment.pgp>

More information about the arch-projects mailing list