[conspire] Thank you
Rick Moen
rick at linuxmafia.com
Tue Jul 26 22:00:29 PDT 2011

Quoting Tony Godshall (tony at of.net):

> Um. I'd qualify this. Better be a site you have reason to trust.

To be sure. (Quibble: Not actually the site; the code's gpg-signer.)
That trust could be based on significant word of mouth, over time, among
an active user community whom you think you can trust to not _all_ be
total idiots. ;-> Fortunately, that's a pretty common scenario,
really.

Building a locally compiled copy from a source package you grabbed from
your distro's repository of bleeding-edge packages is a useful variation
that fits somewhere in there, and I didn't mention it specifically.

Anyway, if I may recap the reasoning:

1. Maintained software is preferable.
2. Distro-tailored packages (as opposed to upstream) are preferable.
3. Software installed via your package manager (as opposed to merely
   compiling from a tarball without package hooks) is preferable.
4. Software signed by people you have reason to trust is preferable
   over software from you-aren't-really-clear-who.

Many Linux newcomers shortchange themselves, by missing chances to gain
one or more of those advantages, making unwise choices for their
software sourcing. In particular, newcomers read articles citing
upstream developer URLs without understanding that they should _not_
download upstream source tarballs unless efforts to find better
(maintained, distro-specific, packaged, trustably signed) software
sources have failed.