5 Oct
2015
5 Oct
'15
9:03 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA224
Sorry Steven you obviously don't understand how an
apt repository works.I
have a repo on sourceforge and only what I put in there is in there.
Using apt it checks packages files, which I create with reprepro on my own
machine at home, and you can only get what is listed in my repository.
Sourceforge has not added anything, nor can they, to my repo and if they
did it would not be signed and that should immediately ring alarm bells.
I think it's more of an issue with supporting a site with a known
malware-based business model than anything else. Yes, I could
cryptographically secure downloads from spam-are-us.net, but would that:
a.) hurt TDE's reputation?
b.) open users to potential attack if they ignore a single warning message?
c.) help spam-are-us.net advertise their malware?
If the answer is yes to any of the above it isn't a good idea to use the
service ;-)
Tim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iFYEARELAAYFAlYS5Z4ACgkQLaxZSoRZrGHVywDgjAfMGoCtXSAp8nO/kLw1oaRz
f0J2tIrFCB0hFQDgygVe/m3NJt2vxPrt+aRInJQTZ+SM+RWTpEKcog==
=dDTt
-----END PGP SIGNATURE-----