From: David R. M. <dr...@ma...> - 2003-12-28 14:10:13
|
> And on a personal note. I am really not happya bout this new > mirror.info. Personally i think that was a premature deicsion, because > it introduces rather serious security problems. It was bad enough how we > had it, but having it in a seperate info file without _any_ validation > is even worse imho. I'm not sure if you realize this, but all of the mirrors you have recruited recently were not being used by anyone (other than a few Fink developers who use CVS), because the list of mirrors is only updated when the package manager is updated. The security of the current system is no different than the security of the previous system. The list of mirrors is kept in CVS, and released as a fink package with an MD5 sum for the tarball. I'll look into the the @INC problem you had. Which version of fink did you have installed when you tried to inject? -- Dave |