Re: pkgsrc binary packages security with pkgin

To: yarl-baudig%mailoo.org@localhost
Subject: Re: pkgsrc binary packages security with pkgin
From: maya%NetBSD.org@localhost
Date: Sat, 25 Jan 2020 22:11:25 +0000

On Sat, Jan 25, 2020 at 01:34:34AM +0100, yarl-baudig%mailoo.org@localhost wrote:
> Hello,
> 
> May I ask how is safe the use pkgsrc binary packages. For example using pkgin. Does libfetch is doing fine with https? Any thoughts?
> 
> Is the authenticity and integrity of packages installed this way is guaranteed assuming no bugs in software involved?

No.

> 
> Is it safer to compile by yourself?

Yes.

This is a very unfortunate case.

Follow-Ups:
- Re: pkgsrc binary packages security with pkgin
  - From: yarl-baudig
- Re: pkgsrc binary packages security with pkgin
  - From: J. Lewis Muir

References:
- pkgsrc binary packages security with pkgin
  - From: yarl-baudig

Prev by Date: Re: How do you set $PS1 on /bin/ksh
Next by Date: Re: pkgsrc binary packages security with pkgin
Previous by Thread: pkgsrc binary packages security with pkgin
Next by Thread: Re: pkgsrc binary packages security with pkgin
Indexes:

Home | Main Index | Thread Index | Old Index