From: Darian L. <dm...@us...> - 2003-12-28 14:26:16
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 David R. Morrison wrote: > > I'm not sure if you realize this, but all of the mirrors you have recruited > recently were not being used by anyone (other than a few Fink developers > who use CVS), because the list of mirrors is only updated when the package > manager is updated. > I know and I addressed this several times in Channel. Justin has the "mirror" module which adresses this issue on a more global scale as far as I understood. He was going to update it to HEAD as soon as his SHLIBS stuff is in. > The security of the current system is no different than the security of > the previous system. The list of mirrors is kept in CVS, and released > as a fink package with an MD5 sum for the tarball. My concern still remains. As I pointed out, I never thought the system to be secure in the first place, thus it wasn't too bad that not many were relying on it yet. Wew should have solved the security issues before making this accessable to the broad public and thuis increasing the risk involved with this system. I'll see to it, that I get GnuPG signing operational as soon as possible > > I'll look into the the @INC problem you had. Which version of fink did > you have installed when you tried to inject? 0.17.1.cvs - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/7uf1PMoaMn4kKR4RA60kAJ4ufFYK7mhzPrZW9egJx5yFzjDlxACfVmU0 ecXQl6ETfH3A1vmfTq52qjE= =jUzD -----END PGP SIGNATURE----- |