On Monday 29 November 2004 05:44, Michael A. Peters wrote: > That doesn't mean you can't use other repositories, it just means there > might be some packaging conflicts you have to resolve (by telling one > repo or the other to ignore certain packages). For a time I used apt-get.org to find updated packages for Debian/Woody. I didn't actually haveproblems, but I didn't kno wht was going on either and I eventually simply upgraded toSarge (testing) which is probably not as hazardous as Rawhide, but then it's not exactly stable either. The problem is this: Somein .hu created a current set of Moz packages for Woody and decided to share them. I found their site via apt-get.org and added the appropriate lines to my sources.list. I did likewise for KDE 3.x and various other packages. The potential problem is this (this did not actually happen AFAIK): .hu decides to share KDE and XFfree too. My next apt-gget update && apt-get upgrade picks up unexpected packages from .hu. Hmm. Not good for maintenance. apt-get has a pinning capability to deal with this, but that's not widely known. Besides I really don't know that those sites are reliable. I think i6 woild be quite easy to get myself listed for, say shorewall, and (maybe just oocasionally) ship a trojanned IRC bot that woild fone home to my temporary Yahoo account and tell me where it is. My bot could then repair the trojanned IRC bot and leave me quietly sharing control of a machine to be used for spamming or a DoS attack on your favourite site. I've not yet delved into yum, but I'd be a bit careful about what repos to add. Adding bulk sources for packages is altogether a different matter to downloading the occasional package fpm sf.net or freshrpms.net or wherever. -- Cheers John
