On Tue, Jun 24, 2008 at 09:19:27PM -0700, Jordan Brown wrote: > Shawn Walker wrote: > > The important thing to remember is that *a* package is better than *no > > package*. > > Really? Are you sure? Even when that package is of unknown and > unverifiable quality and trustworthiness?
Yes. Even if you have source and have rebuilt, if the source is from questionable submitters then you can't trust it. If noone would ever trust anything from /contrib then it's not worth having, but I suspect a lot of people will trust content from /contrib. A more interesting issue is legal liability: if someone submits malware to /contrib, does the host carry any liability? _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
