It only helps you for other people to audit the source in a package if you carefully download only signed packages. In this, there's STILL no benefit to source code tarball (tgz) so-called packages over signed binary packages from a known provider. Carefully choosing the contents of your apt sources.list on a Debian-based system will save you a lot of manual package signature inspection you'd have to go through with RPM or tarballs.
It makes no sense to mention Debian DEB (not dpkg, which is just a tool) packages in this context and not say more about them!
Both DEB and RPM support signed packages, but at least most software installed on a Debian system over the Net is by apt-get, which uses specific sites to fetch most of the packages you'd ever want. On RPM-based systems, I'm always resorting to a hunt for packages on rpmfind, where their origin is less clear.
That doesn't look so hard. So now we just need to learn to encode these streams ourselves and drive up the apparent viewership of any shows we like by a huge amount!
Anyone else think that we are getting closer and closer to EVERYTHING being about marketing? We aren't allowed to make up our own minds any more. We can't have opinions. If we do, we are obviously not the 'target audience' they're going for.
This would be in the eyes of the marketers, right?
Worrying so much about their opinion is just self-fulfilling prophecy!
For something they're actually bad at, you might have to go for "impoliteness"!
New Babylon 5 spin-off series, here we come...