Op 12-09-15 om 21:51 schreef Liam O'Toole: > On 2015-09-11, Paul van der Vlis <p...@vandervlis.nl> wrote: >> Op 10-09-15 om 11:33 schreef Liam O'Toole: >>> On 2015-09-09, Lisi Reisz <lisi.re...@gmail.com> wrote: >>>> On Wednesday 09 September 2015 20:46:42 Paul van der Vlis wrote: >>>>> When I need a package from deb-multimedia, I use wget and dpkg. >>>> >>>> A constructive suggestion! That is obviously a good idea. >>> >>> I would call it a kludge, at best. Using wget and dpkg is to invite what >>> used to be called 'RPM hell'. >> >> Use "apt-get -f install" after installing a package with dependencies. >> This will get packages from Debian. If it does need another package from >> e.g. deb-multimedia, you have to use wget and dpkg again, and then you >> know you have to monitor another package. > > Like I said: a kludge.
Your opinion, I even don't know what a kludge is. This is not an "invention" of me, many sysadmins are using this. See: https://wiki.debian.org/MultimediaCodecs#deb-multimedia.org >>> It also runs the risk of missing security updates to packages. >> >> Realise that when you put a repo in your sources list, you normally give >> control to that repo to install everything they want on your computer. > > Not when you pin the repository appropriately, as I have indicated > elsewhere. See my response there. >> And to make a complete mess out of your computer. Is that good security? > > I would say yes in this case. The maintainer of deb-multimedia is a > well-established Debian developer. That's right. But in Debian we have FTP-masters and many people who are looking when a package is in sid and in testing. Mass-rebuilds and automated checks. The maintainer of deb-multimedia does that all by it's own. He will make a mistake, that's murphy's law. >> I want to know exactly what packages are not coming from Debian. > > That's easy to determine. You have to do check that regulary when you care. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/