[packman] "Who are you?"
Marc Schiffbauer
marc at links2linux.de
Fri Jun 12 13:37:54 CEST 2015
* Amarildo Santini JĂșnior schrieb am 11.06.15 um 01:16 Uhr:
>Hello,
>
>I am Amarildo, from Brazil. I'm a long-timer Linux user, I use Arch Linux and
>Debian at the moment. However, both them are disappointing me in regards to
>the AMD video drivers, so I'll have to move to another distro soon because I
>need good drivers to work with 3D modeling and GPU rendering in Blender.
>
>I love openSUSE, it has an amazing KDE integration and AMD support, but I
>never used it much because I don't trust it's 3rd party repositories. I don't
>mean to offend you guys in any way, shape or form, it's just that I don't know
>who's behind Packman, I don't know if there are security audits on the
>packages you build, and because of that I never really used openSUSE that
>much, even though it would be easily on my Top list of Linux distros.
>
>I think overall your packages are high quality and I really would like to use
>your repositories, but I'm (literally) paranoid and if I don't see a good
>reason to trust your packages I might have to back to Windows, and I was
>hoping you guys could help me out on this one.
Where does trust start? Do you trust a company more than some random
users?
All *I* can say about this in regards to packman is that it was only
me for about 16 years now hosting the main repo.
I care about security a lot. Packman main repo runs on a hardened
linux system.
You can check integrity of the packages which are signes using the
official packman gpg key.
The rest is trust indeed.
-Marc
--
0x35A64134 - 8AAC 5F46 83B4 DB70 8317
3723 296C 6CCA 35A6 4134
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 173 bytes
Desc: Digital signature
URL: <http://lists.links2linux.de/pipermail/packman/attachments/20150612/62eb55b7/attachment.sig>
More information about the Packman
mailing list