How secure is the openSUSE Build Service?

Correct.

Does this mean that a distro that doesn't require 3rd party repositories
(Debian/Gentoo/FreeBSD) is safer?

if you assume *every* upstream developer is honest and/or trust the
integrity of the Debian/Gentoo/FreeBSD servers Hello rsync! ;-)

Am Freitag 02 November 2007 schrieb Eduardo Tongson:
Correct.

Does this mean that a distro that doesn't require 3rd party repositories
(Debian/Gentoo/FreeBSD) is safer?
>

Monday 05 November 2007 11:40:05 pm Thomas wrote:
if you assume *every* upstream developer is honest and/or trust the
integrity of the Debian/Gentoo/FreeBSD servers Hello rsync! ;-)
>
I have to disagree. Trusting every upstream developer, and all the admins who
maintain the systems (build farms, download servers, etc.) is clearly
impossible. Both groups are largely unknown to end users.

Far more important is the level of trust you place in the integrity with which
the project is run. If a download server is compromised (which has happened)
are the admins both skilled and forthcoming about fixing the problem, and
communicating what packages might be at risk? Is a software project developer
community careful about how they evaluate patches, do they reliably backport
patches against a development release to their stable release when it's
appropriate, etc.

In general terms, trust isn't binary, but a continuum, and I'd regard a
well-run distribution with no third-party repositories as safer.

Am Freitag 02 November 2007 schrieb Eduardo Tongson:
Correct.
>
Does this mean that a distro that doesn't require 3rd party
repositories (Debian/Gentoo/FreeBSD) is safer?