[WBEL-users] I don't want a community

Jon Lewis jlewis@lewis.org
Fri, 19 Nov 2004 22:32:07 -0500 (EST)


On Fri, 19 Nov 2004, Samuel Lewis wrote:

> With all due respect, I suspect there is a way to maintain control
> while also encouraging community support and assistance with updates.
> It would seem that if life is getting in the way of updates being
> timely released, then people could volunteer to download the source
> from Red Hat, build it, and provide the build to a central control, who
> could then test and verify the build.  At least that will save the
> central control the task of having to download and build the rpms.

Unless the central control implicitly trusts the contributors, that's as
much or probably more work than just getting the SRPMs from Red Hat and
rebuilding them for WBEL.  I.e., how do you know the openssh update someone
just rolled and contributed doesn't contain a backdoor in sshd?  I think
we generally all implicitly trust Red Hat not to do such things, and if
you're running WBEL, you've put the same trust in those who created WBEL.
Taking update RPMs from 3rd parties greatly complicates things unless
those 3rd parties are known/trusted.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________