[Bendug] apt-get , Ubuntu
larry price
laprice at gmail.com
Sat Jul 23 12:09:06 PDT 2005
I've noticed the same thing with the Ubuntu repositories (main offender firefox)
as always the tradeoff amounts to security vs. convenience
I'm more comfortable using FreeBSD w/ portaudit for a public server
that's out on the internet, but for a workstation behind the NAT the
convenience of having a reasonable selection of software a short
download away is a good thing.
On 7/23/05, Tim Howe <thowe at bendtel.net> wrote:
> I threw Ubuntu 5.04 (Hoary Hedghog) onto a box the other day and I am likign
> this system for the non-expert. It automatically detected and allowed me to
> download updates, it setup a nice little system with lots of useful apps. My
> only complaint is that some of the stuff I decided to install with apt-get was
> very unpolished... I installed Ruby which was, for some reason, several months
> out of date. Not sure why I did it with the package manager since it is
> butt-simple to compile it. I installed LyX, but it was either missing important
> bits, or it installed misconfigured and couldn't find them.
>
> This all led me to think that a lot of packages must make it into the apt-get
> repositories without any peer review. I'm used to using the OpenBSD ports tree,
> which is very carefully audited. I'm curious if others have run into this with
> Linux packaging systems. Is the Gentoo ports tree carefully reviewed? I have
> never had a problem with Crux (what I call 'Ports Tree Jr.').
>
> --TimH
>
--
http://Zoneverte.org -- information explained
Do you know what your IT infrastructure does?
More information about the Bendug
mailing list