1 |
Bo Ørsted Andresen wrote: |
2 |
|
3 |
>On Saturday 24 June 2006 18:51, Jarry wrote: |
4 |
> |
5 |
> |
6 |
>>Anyway, I am still surprised a little. I thought sources |
7 |
>>of portage-packages are mirrored on gentoo-mirrors... |
8 |
>> |
9 |
>> |
10 |
> |
11 |
>They are. If the package has just been added to the tree they may not have |
12 |
>reached your mirror yet. If that is not the reason then it is probably a bug. |
13 |
>The official mirror should be in the ebuild to tell the mirrors where to |
14 |
>fetch it from and as a backup if it cannot be found on the Gentoo mirrors. |
15 |
> |
16 |
> |
17 |
> |
18 |
>>It seems to me to be a little "insecure", to download |
19 |
>>mod_security from somewhere "from wild" instead of |
20 |
>>gentoo-mirrors or homepage. One can not be sure those |
21 |
>>sources have not been modified... |
22 |
>> |
23 |
>> |
24 |
> |
25 |
>As long as you don't override a digest verification error you are safe. Beware |
26 |
>of those who tell you to override a digest verification error by running: |
27 |
> |
28 |
># ebuild $ebuild digest |
29 |
> |
30 |
>or: |
31 |
> |
32 |
># emerge --digest $pkg |
33 |
> |
34 |
> |
35 |
> |
36 |
|
37 |
Very true. I have seen people on this list tell people just that. |
38 |
|
39 |
Dale |
40 |
:-) :-) |
41 |
-- |
42 |
gentoo-user@g.o mailing list |