FedoraThis forum is for the discussion of the Fedora Project.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Due to the nature of Fedora licensing, it does not come with many propeitary software like adobe, flash, and codecs. So many Fedora users resort to using RPMFusion. My question is how safe is RPMFusion from a security prespective and has it had any history of ever being 0wn3d? How much trust can I put on the rpm builders in RPMFusion?
I am aware every RPM package from RPMFusion is signed with their GPG keys and yum will verify (by default) the integrity of every package installed from RPMFusion.
I don't have any data about rpmfusion.org (which was once livna and some other site) track record in terms of security, but I do have anecdotal evidence that there has never been an issue on my Fedora systems, which I have run off-and-on since Fedora 7 or 8. Presumably they would be forthcoming about any campromise that they detect.
Of course, nothing is a sure thing. If you are very concerned about the security of the packages, you can download the source RPMs (or even the binary ones, and just steal the spec file), explode them, analyze, and rebuild. Just install all the rpmbuild tools and go for it.
All security is a numbers game. If you have one program you are much less likely to be attacked. If you have installed 20,000 then it is likely that one or more will let a hacker in.
This is my view.
rpmfusion.org is a hosting website for certified software. That means that both the website itself, rpmfusion.org is verified via a certificate authority.
Regarding the software each rpm file is protected by a security key, verified by the yum installation software. That software was provided by a recognized mantainer or group of maintainers.
If you download software from rpmfusion.org, you can rest assured that it is clean and you may have as much confidence in it as you would have with Fedora itself.
The USA is a country that supports lawyers, lawyer firms and software patents and lawsuits.
Fedora would like to make rpmfusion an optional repository, but rpmfusion hosts software that may use an algorithm or some technique that has a USA software patent.
Why be sued and have costly legal battles. Ergo, Fedora, an American Linux product, will not open itself up to being sued.
Outside of the USA, most countries do not recognize unlimited software patents. Almost all countries recognize copyrights. For a copyright violation, there is a take-down notice. A copyright violation means either plagiarism or posting the software without referring to the author for permission, or redirecting the user to his website for the download.
Fortunately, more and more, Open-Source software is killing the patent trolls. 80% of commercial products on the market use some routines from Open-Source.
Some day we may see the USA congress pass a law banning software patents beginning 201x. If the patent is not implemented and sold as a product or pending product, it will be refused. A software patent may be made to lapse if not demonstrated in an owned product. It may be that only patentable software would be limited to a device driver that directly controls hardware.
So for now, there are several respin "Forks" of Fedora, where the "Enhanced Fedora" is obtainable from locations in countries where all software is considered an algorithm (like mathematics) and where the added contents to Fedora is, in that country not patentable.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.