Debian Says Remove Unofficial Debian-Multimedia.org Repository From Your Sources

Debian warns on its blog: "The unofficial third party repository Debian Multimedia stopped using the domain debian-multimedia.org some months ago. The domain expired and it is now registered again by someone unknown to Debian. (If we're wrong on this point, please sent us an email so we can take over the domain! This means that the repository is no longer safe to use, and you should remove the related entries from your source.list file.)" Update: 06/14 02:58 GMT by U L : If you're wondering where it went, it moved to deb-multimedia.org, after the DPL (at the time) asked the maintainer to stop using the Debian name.

Moved to deb-multimedia.org

[TREE]

The repository is not gone, it just moved to http://deb-multimedia.org/

Re:Moved to deb-multimedia.org

[msauve]

If you're going to karma whore, you should at least reference the OP.

If you can see debian-multimedia.org lines in output, you might want to change all the lines including it to use deb-multimedia.org instead.

Re:Why not...

[Nutria]

(a) Because that's intruding where package management doesn't belong, and
(b) into which package would you add this patch?

Just don't ignore any warnings?

[fuzzyfuzzyfungus]

Please correct me if I'm wrong for this specific one; but the official repositories and many of the 3rd party ones are signed, and you mark the corresponding public key as trusted when you add the repo. Unless the new owner got the domain name and the signing key, their ability to fuck with you is pretty much limited to breaking dependencies in assorted creative ways. Unless you speed through those annoying warnings about crypto issues, in which case you are executing god-knows-what as root. So don't do that.

Ugh, forks

[BitZtream]

He said (d-m.o) he stopped using the name because she told him to.

She said (the actual debian team) he shouldn't use the confusion it causes and people think donating to him is for Debian in general due to the scammy way its worded and fine print ...

He said, I'll just dump the original name, then in my nice passive aggressive way, I'll use another name that is going to cause more or less the exact same problem! That'll teach those guys!.

She then had to warn all of her customers because he just let the domain expire and be taken over by someone else for phishing purposes, he is such a considerate guy, she said under her breath.

So basically, the debian-multimedia guy is being an ass by not only making a new nearly equally confusing name, the jack ass let the old one expire immediately so that someone else could pick it up, and in tiny print (wtf is with jackasses making text small, let the browser do its job douche) he puts on his website ... that no one visits after the initial hits because they now have the repository in /etc/apt anyway ... there he tells of the change ...

Since apt doesn't validate that the domain is held by a trusted source/known private key before accepting it, this is a known issue and the d-m.o guy is just being an unhelpful ass.

After reading everything, I think d-m.o douche could have been a lot more professional.

He could have been a normal person and just done what debian asked ... put a notice on his page saying 'I'm not taking these donations for debian, they are for me!' but instead he didn't want to.

He's essentially trying to scam people into donations unless they carefully read the right parts of his site. Now I'm all for reading the fine print, but when you are intentionally scamming people and trying to skirt around that fact by 'the fine print' so to speak, you're still just a scum back.

This guy, needs to be blacklisted by geeks. No one should give him money, he's not a team player, a bad sport, a jerk, and a scammer. He's a passive aggressive asshole.

Yes, I can get that from reading a couple of his websites and an email thread on the Debian lists.

Re:Ugh, forks

[GPLHost-Thomas]

They pointlessly demanded that he stop using debian in his domain name which achieved nothing.

Not what happened. We asked Christian Marilla (the old owner of debian-multimedia.org) to stop doing things separately, and work with the Debian Multimedia team. He was also asked to stop building packages which are constantly breaking upgrades from one Debian version to the next. But it seems he prefers doing things alone...

Attacks on Package Managers

https://www.cs.arizona.edu/stork/packagemanagersecurity/

Do read it all. It may not apply here but it should be read by everyone who uses package managers.

mostly a non-issue

[louden+obscure]

I've had this repo in my apt list forever, it's changed names three times and has had two maintainers since I've added it to my list. It's where the dvd decrypter deally lived and a better mplayer package and well surprise, multi-media packages that were/are bleeding edge compared to the stock debian fare. I changed my apt source ages ago to reflect the title change after I noticed apt-get was pitching a fit; it only took opening up another browser tab and going to the multi-media web site to see why. You have to manually edit/write a file to add the repo, manually grab and load the key. Jeeze, I always have to add non-free and contrib on a new default install.

  I'm cutting the muti-media maintainer lotsa slack, I appreciate his effort.

           

Re:DPL, the ultimate sticklers

[Kidbro]

Except, of course, that the request wasn't pointless:
http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/2012-May/026678.html

The name actually caused real problems for Debian maintainers and users.

Re:BTW

[crutchy]

it was however more informative than your reply