LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 03-08-2013, 08:20 PM   #1
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 181
Blog Entries: 1

Rep: Reputation: 38
AlienBoB Repository address point to http://taper.alienbase.nl/mirrors/people/alien/


is this legit address?
 
Old 03-08-2013, 08:26 PM   #2
stormtracknole
Member
 
Registered: Aug 2005
Location: The Big Easy
Distribution: Slackware, RHEL
Posts: 817

Rep: Reputation: 104Reputation: 104
Quote:
Originally Posted by number22 View Post
is this legit address?
It is as legit as they come. Super fast mirror too!
 
Old 03-08-2013, 08:30 PM   #3
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 181
Blog Entries: 1

Original Poster
Rep: Reputation: 38
well, we want download software from official channel, just plain security concerns,when web address don't match up with AlienBob's website. Just testing some software, so if problem occurs we know where it comes from. For now, we just don't use these pre-compiled software from unknown source.

Last edited by number22; 03-08-2013 at 08:34 PM.
 
Old 03-08-2013, 08:34 PM   #4
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,411

Rep: Reputation: 837Reputation: 837Reputation: 837Reputation: 837Reputation: 837Reputation: 837Reputation: 837
Yes.
For confirmation you could visit here. http://alien.slackbook.org/blog/
If you have concerns about any packages, then check them with the GPG key. http://taper.alienbase.nl/mirrors/pe...builds/GPG-KEY
After you have installed the key, when you download the package you can also download the associated .asc file and run 'gpg2 --verify <packagename>.asc'. This will confirm that the package was signed by Alien Bob. There will also be message that the key has not been certified with a trusted signature, but no need for alarm. See http://www.linuxquestions.org/questi...ng-4175452476/
 
3 members found this post helpful.
Old 03-09-2013, 05:34 AM   #5
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,240

Rep: Reputation: Disabled
Quote:
Originally Posted by number22 View Post
well, we want download software from official channel, just plain security concerns,when web address don't match up with AlienBob's website. Just testing some software, so if problem occurs we know where it comes from. For now, we just don't use these pre-compiled software from unknown source.
Who says that http://taper.alienbase.nl/mirrors/ is not one of my web sites? I use more web sites than just http://slackware.com/~alien . Have you looked at that server's homepage at all?
In fact, I decided to relieve the Slackware webserver (which hosts http://slackware.com/~alien) from the many gigabytes of downloads per month caused by my package repository and I have setup HTTP re-direction to http://taper.alienbase.nl/mirrors/ for my package amd multilib repositories. Taper is my high-speed mirror.

Exacly like allend explained to you, it is of no importance where you download these packages. Any morror will have the same packages, and if you are paranoid and do not trust the mirror admins (which is a very valid feeling) you should ALWAYS use a GPG verification check to make certain that the downloaded packages are un-altered originals.

Eric
 
Old 03-09-2013, 08:19 AM   #6
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,216
Blog Entries: 5

Rep: Reputation: 766Reputation: 766Reputation: 766Reputation: 766Reputation: 766Reputation: 766Reputation: 766
Poor Eric, can't catch a break since this post...

I may just do an alien.bournetoraiseshell.com in your honor.
 
Old 03-09-2013, 01:37 PM   #7
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 181
Blog Entries: 1

Original Poster
Rep: Reputation: 38
Quote:
Originally Posted by Alien Bob View Post
Who says that http://taper.alienbase.nl/mirrors/ is not one of my web sites? I use more web sites than just http://slackware.com/~alien . Have you looked at that server's homepage at all?
In fact, I decided to relieve the Slackware webserver (which hosts http://slackware.com/~alien) from the many gigabytes of downloads per month caused by my package repository and I have setup HTTP re-direction to http://taper.alienbase.nl/mirrors/ for my package amd multilib repositories. Taper is my high-speed mirror.

Exacly like allend explained to you, it is of no importance where you download these packages. Any morror will have the same packages, and if you are paranoid and do not trust the mirror admins (which is a very valid feeling) you should ALWAYS use a GPG verification check to make certain that the downloaded packages are un-altered originals.

Eric
Dude, take chill pill, relax, if http://taper.alienbase.nl/mirrors/people/alien/ is your official sits, just change it on slackware.com

My boss click it and mirror to some other site, I got all bs on me. I have to ask the question just to make sure. would you relax, Eric?
 
Old 03-09-2013, 01:45 PM   #8
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,240

Rep: Reputation: Disabled
Quote:
Originally Posted by number22 View Post
Dude, take chill pill, relax, if http://taper.alienbase.nl/mirrors/people/alien/ is your official sits, just change it on slackware.com

My boss click it and mirror to some other site, I got all bs on me. I have to ask the question just to make sure. would you relax, Eric?
What did you not understand about "mirror"? I do not have an "official" server. They are all just as official as the others.
Your boss could have contacted me if he was so upset.

In fact, downloading from a mirror should always be your first option. The mirrors are there to prevent swamping the main site (slackware.com) with downloads. Mirrors have big fat internet pipes, that is why they are mirrors.

Eric
 
1 members found this post helpful.
Old 03-09-2013, 01:58 PM   #9
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 181
Blog Entries: 1

Original Poster
Rep: Reputation: 38
Quote:
Originally Posted by Alien Bob View Post
What did you not understand about "mirror"? I do not have an "official" server. They are all just as official as the others.
Your boss could have contacted me if he was so upset.

In fact, downloading from a mirror should always be your first option. The mirrors are there to prevent swamping the main site (slackware.com) with downloads. Mirrors have big fat internet pipes, that is why they are mirrors.

Eric
What you don't understand office politics, legal issues as far as my boss understanding of mirror. Hard to explain. People always looking for excuse to spend and "upgrade" things which isn't broke.

Last edited by number22; 03-09-2013 at 02:00 PM.
 
Old 03-09-2013, 02:48 PM   #10
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Slackware, CentOS, Ubuntu, Fedora, Timesys, Linux From Scratch
Posts: 1,777
Blog Entries: 20

Rep: Reputation: 115Reputation: 115
I think the answer to this is to establish an authority of trust. The OP is probably looking for something that tells him a particular URL is "good" (as opposed to not known to be "good") from one of the sources he already trusts (presumably like "slackware.com"). I guess he didn't consider the link to http://wiki.alienbase.nl/doku.php as sufficient to establish alienbase.nl as trustable.

There's also slackbuilds to be trusted (well, at least I do).
 
Old 03-09-2013, 05:59 PM   #11
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,777

Rep: Reputation: 603Reputation: 603Reputation: 603Reputation: 603Reputation: 603Reputation: 603
Quote:
Originally Posted by Skaperen View Post
I think the answer to this is to establish an authority of trust.
Well, that is the GPG key check as already mentioned...

Last edited by astrogeek; 03-09-2013 at 06:11 PM.
 
Old 03-10-2013, 08:57 PM   #12
MadMaverick9
Member
 
Registered: Aug 2010
Location: Here
Distribution: Slackware 14.0
Posts: 135

Rep: Reputation: Disabled
Quote:
Quote:
Originally Posted by Skaperen View Post
I think the answer to this is to establish an authority of trust.
Well, that is the GPG key check as already mentioned...
Simply putting a GnuPG key into "http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/" does not establish trust.

Trust needs to be established by verifying the signatures on a key. And since very likely Eric's circle of trust is disjoint from my circle of trust, there is no way for me to really establish trust.

Eric - no offense, please. But the last few comments reminded me of something that Bruce Willis said in the movie Surrogates:

Quote:
Honey, I don't know what you are. I mean, for all I know, you could be some big, fat dude sitting in his stim chair with his .... hanging out.
Please correct me if I am wrong, but all that the GPG key really can do for me at the moment, is telling me that files have not been tampered with between now and the next time I download something.

Would be nice if Eric's key were signed by "Slackware Linux Project <security@slackware.com>" (0x40102233) directly. I did not check if Eric's key is trusted by 0x40102233 indirectly.

And the photo in Eric's key really only helps people who know Eric in person to establish trust.

Last edited by MadMaverick9; 03-10-2013 at 09:15 PM. Reason: Photo in Eric's key.
 
2 members found this post helpful.
Old 03-10-2013, 09:27 PM   #13
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 863

Rep: Reputation: 1686Reputation: 1686Reputation: 1686Reputation: 1686Reputation: 1686Reputation: 1686Reputation: 1686Reputation: 1686Reputation: 1686Reputation: 1686Reputation: 1686
Quote:
Originally Posted by MadMaverick9 View Post
Would be nice if Eric's key were signed by "Slackware Linux Project <security@slackware.com>" (0x40102233) directly.
Done. Hope you sleep better now.
 
2 members found this post helpful.
Old 03-10-2013, 09:43 PM   #14
MadMaverick9
Member
 
Registered: Aug 2010
Location: Here
Distribution: Slackware 14.0
Posts: 135

Rep: Reputation: Disabled
Very Cool! Thank you very much, Pat.

Well - just trying to help out the OP.

http://pgp.mit.edu:11371/pks/lookup?...CBDA0&op=index
 
Old 03-11-2013, 01:29 PM   #15
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 181
Blog Entries: 1

Original Poster
Rep: Reputation: 38
Quote:
Originally Posted by MadMaverick9 View Post
Would be nice if Eric's key were signed by "Slackware Linux Project <security@slackware.com>" (0x40102233) directly. I did not check if Eric's key is trusted by 0x40102233 indirectly.

And the photo in Eric's key really only helps people who know Eric in person to establish trust.
Bingo. April is starting new year, budget is calculated for some spending on hardware and software, people are looking for excuses for some seriouse spending. I want hardware upgrade to lower power consumptions, others want to spend on software, some bigger name brand. I don't want touch software side, too much headaches. They pressure me to reconsider, slackware.com doesn't look flashy; serious B2B site, blah, blah, bs etc. one thing leads to this threads is our software policy not using mirrors site, all source code must come from official sites, we bought slackware from slackware store, and all patches are getting from ftp.slackware.com.

Last edited by number22; 03-11-2013 at 01:36 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Differences between packages of AlienBoB Repository and Slackbuilds JohnV2 Slackware 7 04-19-2012 09:53 PM
Opensuse 11.2 ATI Repository - Download fglrx Corrupt? Any mirrors? romeo_tango Suse/Novell 3 03-04-2010 09:31 PM
OpenVPN point-to-point address question deadeyes Linux - Server 1 12-11-2007 11:09 AM
DISCUSSION: Alien Packages and Linux Mirrors jeremy LinuxAnswers Discussion 0 02-06-2005 05:02 PM
point to point address assignment of ppp0 andyn Linux - Networking 0 10-11-2002 10:45 PM


All times are GMT -5. The time now is 12:08 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration