[packman] "Who are you?"

Marc Schiffbauer marc at links2linux.de
Fri Jun 12 13:37:54 CEST 2015


* Amarildo Santini JĂșnior schrieb am 11.06.15 um 01:16 Uhr:
>Hello,
>
>I am Amarildo, from Brazil. I'm a long-timer Linux user, I use Arch Linux and
>Debian at the moment. However, both them are disappointing me in regards to
>the AMD video drivers, so I'll have to move to another distro soon because I
>need good drivers to work with 3D modeling and GPU rendering in Blender.
>
>I love openSUSE, it has an amazing KDE integration and AMD support, but I
>never used it much because I don't trust it's 3rd party repositories. I don't
>mean to offend you guys in any way, shape or form, it's just that I don't know
>who's behind Packman, I don't know if there are security audits on the
>packages you build, and because of that I never really used openSUSE that
>much, even though it would be easily on my Top list of Linux distros.
>
>I think overall your packages are high quality and I really would like to use
>your repositories, but I'm (literally) paranoid and if I don't see a good
>reason to trust your packages I might have to back to Windows, and I was
>hoping you guys could help me out on this one.

Where does trust start? Do you trust a company more than some random 
users?

All *I* can say about this in regards to packman is that it was only 
me for about 16 years now hosting the main repo.

I care about security a lot. Packman main repo runs on a hardened 
linux system.

You can check integrity of the packages which are signes using the 
official packman gpg key.

The rest is trust indeed.

-Marc

-- 
0x35A64134 - 8AAC 5F46 83B4 DB70 8317
             3723 296C 6CCA 35A6 4134
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 173 bytes
Desc: Digital signature
URL: <http://lists.links2linux.de/pipermail/packman/attachments/20150612/62eb55b7/attachment.sig>


More information about the Packman mailing list