Quote:
Originally Posted by Besl621
AFAIK I can
- install Slackware-15.0 by the official ISO here "https://mirrors.slackware.com/slackware/slackware-iso/slackware64-15.0-iso/" and then update to Slackware-current by slackpkg, or
- install Slackware-current by the unofficial AlienBOB's ISO here "https://slackware.uk/people/alien-current-iso/slackware64-current-iso/"
So far am I right?
|
Either method should work, although I've never tried that "unofficial current install dvd" that you linked. Another option is to use the Slackware-Live current iso that AlienBOB creates (its automatically created for each update in current, IIRC). That would be here:
https://slackware.nl/slackware-live/...-current-live/
Note that on slackware-live there is the "setup2hd.sh" script that performs similarly as the installer, but is designed to install the live version to disk. Afterwards you effectively have slackware current installed and can continue to maintain it from a current mirror.
Quote:
Originally Posted by Besl621
I have been using Slackware for years but the more I learn the more I am concerned about security.
My concern is whether 3rd party software can be really trusted or not.
I would need 3rd packages too (libreoffice, nvidia, keepassxc, etc...), do you use Ponce repository and sbopkg or install packages from official websites?
|
The "ponce repo and sbopkg" works by downloading the latest source code directly from the official sources, and builds it on your system. You can look over the slackbuild and source download location in the .info file if you'd like, but you would essentially be taking the same steps if you went to the source site, downloaded it yourself, and built it manually. The slackbuild just helps to perform those steps automatically and format the package.
Also, the slackbuilds have md5sums of the source in the .info file, so you can verify that you are working with the same source tarball as the original script writer.
The concern around "3rd party packages" is generally when you install a pre-compiled package from an untrusted 3rd party source. "pkgs.org" comes to mind in that case: I have no idea who builds those packages, or what they might slip into the package. I wouldn't blindly trust those and install those packages, but then some people do.
Personally I trust the packages that AlienBOB compiles and makes available on his repos. You could get libreoffice from his repo but that would be your call to decide whether to trust the repo. I've been using his packages for years so I trust his reputation (though I don't expect you to trust me either). If you want you can also take Alien's slackbuild and build libreoffice directly from source, or, get the slackbuilds/ponce version and build from those slackbuilds.
HTH.