On Thursday 08 May 2003 03:30 am, Rudolph van Graan wrote: > Hi, > > Rolf Kutz wrote: > > apt-listchanges. It displays the new changelog > > entries from the debs before installing them, but > > has to download them first, so no bandwidth > > saving. > > This is almost exactly what I looked for - it removes the "blindly > trusting apt-get" that was my problem in the first place. At lease I can > now decide if the change warrants installation to my machine. Strange > thing is that I haven't seen this package before.
You're still trusting that what the changelog says is true, actually, but with security.debian.org, that's pretty authoritative. Not all packages will always list all changes - it's up to the maintainer to remember what was modified. Also, sometimes changes are listed that were not actually made. For example, recently a package was marked as IPv6-enabled, when the actual code had not yet been implemented upstream. There is a significant level of trust involved with using apt-get (or any code from the Internet) at all. It's not a problem for me, or apparently many people, but the only way to really know what's changing on your system is to read the source code and compile it yourself. (Make sure you read the compiler code, too. :) - Keegan