Re: Untrusted Source
On Wed, Oct 10, 2007 at 07:47:22PM -0700, Raquel wrote:
> On Wed, 10 Oct 2007 16:11:13 -0700
> Andrew Sackville-West <andrew@farwestbilliards.com> wrote:
>
> > On Wed, Oct 10, 2007 at 06:38:36PM -0400, Douglas A. Tutty wrote:
> > > On Wed, Oct 10, 2007 at 03:31:16PM -0700, Raquel wrote:
> > > > I'm wanting to install a package from outside Debian, Symfony.
> > > > It's
> > > > a PHP framework. However, I got scared because of all the
> > > > warnings that aptitude showed me. Do I really need to be
> > > > careful of installing something like this?
> > >
> > Raquel - aptitude showed you those warnings because it couldn't
> > verify the signatures on the package you were trying to install,
> > if there were any signatures at all. If you aren't equipped with
> > the skills to verify to your own satisfaction the safety of a
> > package, then you should stick with debian packages and not move
> > outside that.
> >
>
> Another thought. This same piece of software can be installed via a
> *.tgz file and it can be installed using Pear. Maybe one of those
> methods would be better.
Only if you trust your source of the tarball more than the source of the
deb. You're still installing software from somewhere. Do you trust
them?
Doug.
Reply to: