Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#6
Originally Posted by -miska-:
Also AFAIK rpms from OpenRepos are not signed so if some attacker gets access to the server, he can infect popular rpms without developers knowing.

So, good intentions and given Jolla store policies and such really useful, but potentially big security hole.
Not sure if I get that part, you mean someone hacks openrepos? What if someone hacks harbour? You get the assumed signatures from harbour, so if that fails you will be getting malware from there as well. Or is there some American company that signs those? I'd be even more scared.

Best way to look at it is: treat openrepos as extras-devel (hopefully source submissions will become required and only things built on OR get there, like -devel from Fremantle, so you can always download the source and build it yourself after review if you have doubts). If you recognize the author and trust him, no problem; if not, there are risks involved.

Last edited by szopin; 2014-03-20 at 00:24.
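The thread turns on whether a package carries a signature at all. As an added example (not code from this post, from OpenRepos or from the rpm project), here is a small parser that reads the signature header of an .rpm file and reports which signature tags it contains, so an install script can refuse packages that have none. The lead/header layout and the tag numbers are rpm's own; `build_sample_rpm` is a constructed stand-in (a lead, a signature header and a zero-filled dummy body) used only so the check runs offline, and the RSA slot in it holds placeholder bytes rather than a real OpenPGP signature.

```python
import hashlib
import struct

# Signature-header tags (values from rpm's rpmtag.h).
RPMSIGTAG_SIZE = 1000        # INT32: size of main header + payload
RPMSIGTAG_PGP = 1002         # BIN: old-style RSA signature over header + payload
RPMSIGTAG_MD5 = 1004         # BIN: MD5 of header + payload
RPMSIGTAG_GPG = 1005         # BIN: old-style DSA signature over header + payload
RPMSIGTAG_DSA = 267          # BIN: DSA signature over the main header
RPMSIGTAG_RSA = 268          # BIN: RSA signature over the main header
SIGNATURE_TAGS = {RPMSIGTAG_PGP: "PGP", RPMSIGTAG_GPG: "GPG",
                  RPMSIGTAG_DSA: "DSA", RPMSIGTAG_RSA: "RSA"}

RPM_INT32_TYPE = 4
RPM_BIN_TYPE = 7
LEAD_SIZE = 96
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"      # header magic followed by header version 1


def parse_signature_header(blob):
    """Return {tag: raw_bytes} for every index entry in the signature header."""
    if len(blob) < LEAD_SIZE or blob[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM: bad lead magic")
    hdr = LEAD_SIZE
    if blob[hdr:hdr + 4] != HEADER_MAGIC:
        raise ValueError("bad signature header magic")
    # magic/version (4) + reserved (4) + nindex (4) + hsize (4), all big-endian
    nindex, hsize = struct.unpack(">II", blob[hdr + 8:hdr + 16])
    index_start = hdr + 16
    data_start = index_start + 16 * nindex
    if len(blob) < data_start + hsize:
        raise ValueError("truncated signature header")
    entries = {}
    for i in range(nindex):
        tag, typ, offset, count = struct.unpack(
            ">IIII", blob[index_start + 16 * i:index_start + 16 * (i + 1)])
        if typ == RPM_BIN_TYPE:
            length = count                # BIN entries: count is the byte length
        elif typ == RPM_INT32_TYPE:
            length = 4 * count
        else:
            continue                      # other types are not needed for this check
        if offset + length > hsize:
            raise ValueError("index entry points outside the header data")
        entries[tag] = blob[data_start + offset:data_start + offset + length]
    return entries


def signature_tags_present(blob):
    """Names of the signature tags found, e.g. ['RSA'], or [] for an unsigned package."""
    found = parse_signature_header(blob)
    return sorted(SIGNATURE_TAGS[t] for t in found if t in SIGNATURE_TAGS)


def is_signed(blob):
    """True if the package carries any signature tag (presence only, not validity)."""
    return bool(signature_tags_present(blob))


def build_sample_rpm(signed):
    """Constructed sample: lead + signature header + dummy body. Not a real package."""
    body = b"\x00" * 64                  # stand-in for the main header and payload
    data_entries = [
        (RPMSIGTAG_SIZE, RPM_INT32_TYPE, struct.pack(">I", len(body)), 1),
        (RPMSIGTAG_MD5, RPM_BIN_TYPE, hashlib.md5(body).digest(), 16),
    ]
    if signed:
        # Placeholder bytes in the RSA slot; a real rpmsign run puts an OpenPGP signature here.
        data_entries.append((RPMSIGTAG_RSA, RPM_BIN_TYPE, b"\x89" * 24, 24))
    index = b""
    data = b""
    for tag, typ, raw, count in data_entries:
        index += struct.pack(">IIII", tag, typ, len(data), count)
        data += raw
    data += b"\x00" * (-len(data) % 8)   # the next header starts on an 8-byte boundary
    sig_header = (HEADER_MAGIC + b"\x00" * 4
                  + struct.pack(">II", len(data_entries), len(data)) + index + data)
    lead = LEAD_MAGIC + b"\x00" * (LEAD_SIZE - 4)
    return lead + sig_header + body


if __name__ == "__main__":
    for flag in (False, True):
        print("signed" if flag else "unsigned", "->", signature_tags_present(build_sample_rpm(flag)))
```

This only answers "does the package carry a signature header entry"; it says nothing about who signed it or whether the signature verifies. For that, import the author's public key with `rpm --import` and run `rpm --checksig` (or `rpm -K`) on the file, which checks the digests and the signature against the imported keys. A signature also proves origin only if the signing key is trusted and is not itself kept on the server an attacker could compromise, which is the point the thread raises about harbour as much as about openrepos.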