Linked by Thom Holwerda on Tue 5th Feb 2008 22:32 UTC
Thread beginning with comment 299768
RE[7]: Who needs the middleman?
by autumnlover on Thu 7th Feb 2008 12:36
in reply to "RE[6]: Who needs the middleman?"
RE[8]: Who needs the middleman?
by lemur2 on Thu 7th Feb 2008 13:02
in reply to "RE[7]: Who needs the middleman?"
"What on earth have you got against the repository maintainers?
I have no reason to trust them either. People are always the weakest point of any security. Do you trust them completely? Why? Or do we just come back to the question of religious faith."
It has nothing whatsoever to do with faith.
1. It is in the best self-interest of the repository maintainers to do the right thing.
2. Everything they do is in the direct public view, and open to scrutiny.
3. The record of the repository maintainers is impeccable.
4. The ongoing continuous activities of a large community of people would quickly uncover anything wrong or malicious that any repository maintainer attempted to do.
You can directly measure the performance and trustworthiness of maintainers of open source repositories.
That puts them in a position worthy of trust far more so than the position of any author of any closed-source software, who after all jealously hides from everyone what they have done and how they have done it, and whose readily apparent best interests often diverge markedly from the best interests of people who might be using their software.
Who would you trust?
If you answer "the vendors of closed-source proprietary applications", then I have got a very nice bridge that you might be interested in buying.
Edited 2008-02-07 13:04 UTC
... and check the code carefully line by line, to assure us that there is no malware hidden in it, before they digitally sign packages. What a relief! Linux is really safe! There is no need to bother with anti-viruses and firewalls on it!
In fact, they all live in NASA's secret base on the far side of the Moon. And we can be absolutely sure that none of those maintainers are working for web-targeting criminal organisations."
What on earth have you got against the repository maintainers?
The point is this: the repositories contain packages, which purport to be compiled versions (targeted for a particular distribution and a particular system architecture) of source code which is visible to anyone and which is held in one online source code management system or another. Anyone can compile the same source code themselves, and confirm for themselves that the compiled binary indeed matches the source code that supposedly generated it.
Many developers actively track down bugs in said distributions, because they use that distribution themselves and have a self-interest in ensuring that it is well maintained and advanced, and they can perform, and do perform, such verifications.
Not once has there ever been a case of a repository maintainer "slipping" something malicious into the compiled version of a distribution's package. Not once in however many years, through countless versions of however many packages in open source repositories.
The repository maintainers have nothing to gain from doing such, everything to lose, and would surely get caught out in very short order if they ever did try such a trick.
Ergo, there is no malware in code installed from repositories.
Are you following this yet? It should be fairly obvious, but I always seem to run into people who just cannot, or will not, see. There are anti-evolution sites and flat-earth societies on the web that are eminently reasonable and logical when compared to some people.
Edited 2008-02-07 12:27 UTC