Hmm. Another caveat: Downloading binaries from random sources can be dangerous, as you never have any real idea of what they could be capable of doing. Downloading source and compiling it is potentially safer since you *could* audit the code to find any problems. (Since almost no one does so, however, it's more of a warm fuzzy than a real guarantee.)
Debian's APT system is nice because you get binary packages that have some degree of provenance -- in order to be added to the system they have to be signed with a registered GPG key and uploaded to Debian's system by someone who's authorized to do so. Debian ``checks out'' their developers, at least to the extent of doing some identity verification (a known, trusted Debian developer must meet with, see some identification, and sign the key of a candidate developer). Even that process can't protect end users from malicious code in their packages (unbeknownst to the Debian maintainer) or from an attack on one or more Debian mirrors.

A little paranoia can be a good thing.

CMC

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Behind the counter a boy with a shaven head stared vacantly into space,
a dozen spikes of microsoft protruding from the socket behind his ear.
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
C.M. Connelly    [EMAIL PROTECTED]    SHC, DS
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+