1 |
On Saturday 24 June 2006 18:51, Jarry wrote: |
2 |
> Anyway, I am still surprised a little. I thought sources |
3 |
> of portage-packages are mirrored on gentoo-mirrors... |
4 |
|
5 |
They are. If the package has just been added to the tree they may not have |
6 |
reached your mirror yet. If that is not the reason then it is probably a bug. |
7 |
The official mirror should be in the ebuild to tell the mirrors where to |
8 |
fetch it from and as a backup if it cannot be found on the Gentoo mirrors. |
9 |
|
10 |
> It seems to me to be a little "insecure", to download |
11 |
> mod_security from somewhere "from wild" instead of |
12 |
> gentoo-mirrors or homepage. One can not be sure those |
13 |
> sources have not been modified... |
14 |
|
15 |
As long as you don't override a digest verification error you are safe. Beware |
16 |
of those who tell you to override a digest verification error by running: |
17 |
|
18 |
# ebuild $ebuild digest |
19 |
|
20 |
or: |
21 |
|
22 |
# emerge --digest $pkg |
23 |
|
24 |
-- |
25 |
Bo Andresen |