[DC LoCo] Is this a good way to verify a PPA?
Luke Faraone
luke at faraone.cc
Tue Dec 6 21:27:20 UTC 2011
On 06/12/11 16:25, Ken Stailey wrote:
> 4. Find a copy of the source code that you trust outside of APT and
> compare it.
>
> 5. Look through the diffs that the PPA contains
This is only useful for that version of the package. The PPA author may
upload a new version of the package, which you might not notice.
Alternatively, the PPA might suddenly provide other packages, which
(unless you configure apt pinning) will replace existing packages. So I
could suddenly release a new «nautilus», for example.
--
Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs, Systems
lfaraone on irc.[freenode,oftc].net -- http://luke.faraone.cc
PGP fprint: 5189 2A7D 16D0 49BB 046B DC77 9732 5DD8 F9FD D506
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-us-dc/attachments/20111206/da3d1117/attachment.pgp>
More information about the Ubuntu-us-dc
mailing list