
Installing binary RPMs isn't that safe either, is it? Unless you plan on installing from source, and studying it in detail, every time you install a program, you have to take a leap of faith regardless of your package management system. The apt system seems pretty well-regulated, not like someone could sneak in a nasty new version of the Gimp that sends all your pictures to the Church of Scientology.
Binary RPMs can be signed with PGP keys, and as long as you get them off a mirror you trust, are fairly likely to be OK.

Problem with apt is, you don't get anywhere near as much control over what you install. You tell it to do one thing, it insists on going and installing about 18 other packages, so you just hit OK, etc...

I think what orj is referring to is the possibility of someone tampering with your sources.list and adding a poisoned source - unless you check it (ever?) you might not notice until it's way too late. Any of the proxy setups could be poisoned as well.

*shrug* apt is, however, much nicer than rpm. Until you decide you don't want something installed, at which point it's not just a case of force-downgrading it as you would with rpm, but a matter of spending a lot of time coercing apt or dpkg to let you.

------------
WLUG - The Waikato Linux Users Group
WWW: http://wlug.linuxcare.co.nz
To unsubscribe, send an email to majordomo(a)list.waikato.ac.nz with "unsubscribe wlug" in the body of the message.