<html><head></head><body>What repo's are you using??? There are some that are not a good idea, others are frowned upon. Any repo that provides desktop environment tools other than epel and rpmfusion is a bit suspect. Nux is right out. Tends to break things as well <br><br><div class="gmail_quote">On May 31, 2020 10:20:28 AM EDT, Leam Hall via Ale <ale@ale.org> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">On 5/31/20 9:04 AM, Solomon Peachy wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">On Sat, May 30, 2020 at 08:56:11AM -0400, Leam Hall via Ale wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;">I can't remember what I was doing this morning, but I look at the installed<br>packages on my CentOS 7 box. I was surprised, and very dismayed, that a few<br>dozen rpms came from a repo in the former Eastern Bloc.<br></blockquote><br>It's not entirely clear what you are saying -- was your system was breached?<br><br>Do you know the attack vector? How would a different distro have fared<br>any differently?<br><br>_every_ distro has vulnerabilities; that's why you must routinely apply<br>the various updates the distro supplies. If the vulerability was due<br>to software or configuration not supplied/managed by the distro, then<br>the underlying distro probably wouldn't have mattered.<br></blockquote><br>I consider the installation of significant packages (libselinux-*, <br>linux-firmware) from a third party repository, from some areas of the <br>world, to totally compromise the system. While I would love to believe <br>the best in everyone, and to be right about that, reality says that <br>doesn't work.<br><br>Since I really dislike systemd, a new OS is in order. I have worked with <br>RH for more than two decades, and made my living supporting their <br>products. I'm sad to go, but it's the right thing to do.<br><br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">You have to decide if "tinkering" is just a means to an end, or the<br>entire point, of this system of yours -- Because your time isn't free or<br>unlimited.<br></blockquote><br>Yup. I need a system that will do the things I need done. At the moment <br>I'm not an OS guy. If my job or situation changes, I might have to <br>reevaluate that. :)<br><br>Leam<hr>Ale mailing list<br>Ale@ale.org<br><a href="https://mail.ale.org/mailman/listinfo/ale">https://mail.ale.org/mailman/listinfo/ale</a><br>See JOBS, ANNOUNCE and SCHOOLS lists at<br><a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br></pre></blockquote></div><br>-- <br>"no government by experts in which the masses do not have the chance to inform the experts as to their needs can be anything but an oligarchy managed in the interests of the few.” - John Dewey</body></html>