Re: Updating scanners and filters in Debian stable (3.1)
On Mon, Oct 04, 2004 at 07:33:22PM +0200, martin f krafft wrote:
> also sprach Martin Schulze <joey@infodrom.org> [2004.10.04.1917 +0200]:
> > If I'm wrong, I didn't understand the backports.org philosophy.
>
> No, you are right.
>
> However, my main problem with backports is that it's
> community-operated. There seems to be no quality control...
Despite efforts to that effect, Debian doesn't have any powerful quality
control either, I'm stumbling across numbers of packages not updated
this millennium and maintainer email bouncing because of expired
domains.
> And how easy would it be to sneak a trojan in there.
AFAIK, any DD can upload to backports.org -- ergo, exactly the same risk
of trojans as with Debian itself.
> Note: I am completely unfamiliar with backports. I only (think I)
> know the theory.
The theory is more or less that it is an unoffical repository with more
or less the same access controls and way of building/operating as the
Debian archive (including the list of who are able to upload), with as
major difference that it are backports (with less severe update policy),
based on current stable, and componentized: you can have a sources.list
entry requestion only subversion and dependencies, or only spamassassin
and dependencies, etc etc etc.
And since it is unofficial, no BTS, not the automated lintian checking
of it, just not a whole lot of services and eyeballs that Debian itself
does get.
On a personal note, backports.org IMHO invariantly provide high-quality
backports that one can trust, they keep very close to the original
package. On the rare occasions that for the systems we maintain we
decide to install a backport, only backports.org is considered.
--Jeroen
--
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
Reply to: