[arch-projects] mBira project
Jason Chu
jason at archlinux.org
Wed Jun 1 23:36:25 EDT 2005
On Wed, Jun 01, 2005 at 08:20:57PM -0600, Dusty Phillips wrote:
> >
> > A personal repo is usually run by a single person. It's fairly easy to
> > say if you trust that one person's packages or not.
> >
> > By using a personal repo, I'm implicitly trusting the maintainer of that
> > repo. By using a automatic-package-installing AUR, I'm implicitly trusting
> > anyone with enough brains to create an AUR account.
> >
>
> Yes, but using a semi-automatic package-installing AUR allows me to
> install from the PKGBUILD after I've reviewed it for saneness. The
> thing I don't like about binary repos is having to maintain them all
> in pacman.conf... when it gets down to one repo per package, that
> sucks.
>
> Dusty
Right, but I wasn't talking to you... or about that.
I was responding about the "security" answer...
Jason
--
If you understand, things are just as they are. If you do not understand,
things are just as they are.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://archlinux.org/pipermail/arch-projects/attachments/20050601/52a5fe41/attachment.pgp>
More information about the arch-projects
mailing list