[Slackbuilds-users] Use for a package repository?
fullofdaylight at no-log.org
fullofdaylight at no-log.org
Fri Feb 20 14:09:10 UTC 2009
Thank you all, and especially Eric, for your insightful comments. It makes
it clearer for me.
I agree that if I am to create such a repository it has not to be
affiliated with SBo (although I think SBo _has_ to be cited as the
SlackBuilds' source), and that one has to be well-informed one can't give
it the same level of trust.
The rationale behind my idea is that it is convenient to have only one
source for additional packages instead of cherry-picking between several
ones. Additionally I don't trust other packages/SlackBuild sources
(LinuxPackages, Slacky, any individual repository, etc) as much as I trust
While there are SlackBuilds that need customization before being compiled,
there are numerous ones where simply executing the unmodified SlackBuild
is fine, and where the result doesn't heavily depends on which other
programs are already installed.
If I have time maybe I'll try to set up something, and see if people are
interested in the project or if they generally prefer to compile programs
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Thu, 19 Feb 2009 fullofdaylight at no-log.org wrote:
>> would it be a good thing if someone creates a repository containing
>> packages (properly) compiled from SBo SlackBuilds with default settings?
> I am not going to tell you whether or not you should create such a
> repository. I know there are several package repositories that are
> basically using the SlackBuild scripts we provide at SBo to create the
> However, there is a good reason you never see the phrase "based on SBo
> scripts" on these repositories' home pages. The slackbuilds.org team does
> not want to be affiliated to any 3rd package repository.
> The reason? We provide QA-tested SlackBuild scripts submitted by a large
> community of Slackware enthousiasts. The admin team tests these scripts.
> By creating a GPG signature file (the .asc file) for an approved tarball
> we say "this script works as advertised, and running it as root will not
> harm your computer". Being able to verify the tarball's GPG signature
> means that you can be sure the script you are going to use is _exactly_
> the one that we tested.
> Now, with pre-built packages based on SBo scripts you are _never_ going to
> be certain that the SlackBuild used to produce the package was identical
> to the one that got a stamp of approval from the SBo admins. This means,
> that we do not want to see someone advertising that he is providing
> packages based on slackbuilds.org scripts. We do not have control over the
> end product, so we do not assume any responsibility for it.
> - --
> Eric Hameleers
> Email: alien at slackware.com
> Jabber: alien at jabber.xs4all.nl
> Gpg fingerprint: F2CE 1B92 EE1F 2C0C E97E 581E 5E56 AAAF A75C BDA0
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: For info see http://quantumlab.net/pine_privacy_guard/
> -----END PGP SIGNATURE-----
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> Archives - http://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - http://slackbuilds.org/faq/
More information about the SlackBuilds-users