Fedora Extras is extra
John Summerfield
debian at herakles.homelinux.org
Mon Nov 29 02:09:26 UTC 2004
On Monday 29 November 2004 05:44, Michael A. Peters wrote:
> That doesn't mean you can't use other repositories, it just means there
> might be some packaging conflicts you have to resolve (by telling one
> repo or the other to ignore certain packages).
For a time I used apt-get.org to find updated packages for Debian/Woody. I
didn't actually haveproblems, but I didn't kno wht was going on either and I
eventually simply upgraded toSarge (testing) which is probably not as
hazardous as Rawhide, but then it's not exactly stable either.
The problem is this:
Somein .hu created a current set of Moz packages for Woody and decided to
share them.
I found their site via apt-get.org and added the appropriate lines to my
sources.list.
I did likewise for KDE 3.x and various other packages.
The potential problem is this (this did not actually happen AFAIK):
.hu decides to share KDE and XFfree too.
My next apt-gget update && apt-get upgrade picks up unexpected packages
from .hu.
Hmm. Not good for maintenance.
apt-get has a pinning capability to deal with this, but that's not widely
known.
Besides I really don't know that those sites are reliable. I think i6 woild be
quite easy to get myself listed for, say shorewall, and (maybe just
oocasionally) ship a trojanned IRC bot that woild fone home to my temporary
Yahoo account and tell me where it is.
My bot could then repair the trojanned IRC bot and leave me quietly sharing
control of a machine to be used for spamming or a DoS attack on your
favourite site.
I've not yet delved into yum, but I'd be a bit careful about what repos to
add. Adding bulk sources for packages is altogether a different matter to
downloading the occasional package fpm sf.net or freshrpms.net or wherever.
--
Cheers
John
More information about the users
mailing list