billg said: > Isn't the salient point of Windows Update the fact that the updates are > always pulled down from a server controlled by Microsoft? The user can't > point the update tool willy-nilly at unvetted sites. That alone is a > Good Thing. The fact that it is packaged as an easy-to-use web page is > gratis. I don't see where keeping them on one page gives any advantage of just checking the GPG signature before you install the package (which up2date does by default). > If Linux ever becomes popular enough to warrant attention by the same > folks currently targetting Windows, then allowing users to mix-and-match > the repositories from which they pull their updates is a wonderful way to > spread viruses, worms and all the rest. Only if the "viruses, worms, and all the rest" are signed by a key you trust. Now if you go importing keys from people that would spread the above you have another whole set of problems. -- William Hooper
