Be aware of where your packages/PKGBUILDS come from.

A word of caution to all you Archers out there. Be careful where you get your packages from.
It goes without saying that a package from an unknown user/entity could house harmful material. A package could install a trojan, a backdoor, or several other devious things.
The Arch Build System is powerful, and safe if used responsibly. Responsability on the user end is key though. It would be a simple matter of building a package with a harmful post_install script embedded in it, or even an embedded keystroke logger daemon. The myriad of possabilities given that install scripts are executed as root is endless.
So, in summation, know what you are installing. Be an educated user. Know the source of your packages/pkgbuilds. Package builds posted on the forum are generally subject to the review of the public, and thus it is likely that some user would pick up on some squirrelliness and say, "hey! that doen't look right!".
I consider pkgbuilds safer than binaries from sources that I do not trust, because I know what is going on in the pkgbuilds and I can review it. If you do not have the experience required to feel comfortable understanding pkgbuilds, then stick with repos that you trust.
Nothing to be alarmed about. I was just thinking about security this afternoon, and thought I would say something in the hopes that it would make even one user out there a bit safer.  8)

I as well put filelist, patches and PKGBUILDs to my server (even though, no repo).
Anyway, think about larger patches ... who's realy going to read them? Any of you (okay, i know it's an official package) read the visibility patch of GCC? I did, since i maintained the patched GCC for another distribution. Though, this patch just was released on mailinglists... as i know.
I've never used any other package source than official repos and the packages i created, and i feel convenient about this.
Anyway, it's a good idea at least to let people know about the risks. I'm also providing binary / pkgbuild / filelists / patches, but i doubt anyone read what the builds are really doing (statistic of my webserver tells that not even 20% of the people downloading binaries reviewed the PKGBUILDs, i just took a short look at this).
// STi

Similar Messages

  • Where did these tracks come from?

    I was helping a friend hook up his IPOD. His IPOD was given to him by a friend. ITUNES was already on his PC.
    When I connected the IPOD, ITUNES started "converting" a bunch of songs from one format to antoher. It took so long I had to cancel it. But already there were about 10 albums that had been "converted" and now appeared in his library.
    I just assumed these were songs from his IPOD. But when I browsed the IPOD using the ipod screen, it shows up empty.
    (1) Where did these songs come from?
    (2) How would I get the rest of the songs, wherever they are?
    (NOTE FYI -- I also am having a problem updating, can't update ipod, option is greyed out. I tried "restoring" the ipod, no help. I didn't do a reset because I did't know how. I will when I return)

    I'm always willing to be proven wrong, but to my understanding iTunes will under no circumstances add music from your iPod into the library on the PC. There is no supported way to move music from the iPod to the PC.
    There are, however, 3rd party applications that will do this.
    As for where the imported music was coming from, my guess would be an existing Mp3 or wma music collection the person had on their PC. If itunes searched the pc for music when it first was installed, and found files not in .m4a format, it would convert them and import them into the library.
    What are the tracks? It could have even been importing the sample music or system sounds that come with windows, I suppose.

  • Where does skype signal come from

    Okay, I have skype finally. But after reading skype info I still didn't get an idea of how it works. Basically where does the signal come from. Is it like a cellphone or do you have to be near something. Oddly enough, there's no real explanation on these forums. Or at least the ones I've read. It seems that its VOIP, whatever that is. Does it need wireless, or cells... can I call to someone driving in my car or get a call from someone. What are the limitations? Confused.  

    Skype is a VoIP provider.  VoIP providers use Internet access in order to make phone calls.  If you are home you can use your phone's WiFi to obtain Internet access from your home's wireless router.  If you are not you can use either your phone's  2G/3G/4G data plan or the Internet from any WI-Fi access point you have access to in the area.

  • Does anyone know where this BAPI definition come from?

    Hi, All,
    See below example definition for BAPI_FUNCLOC_GETLIST for business object FunctionalLocation and method GetList.
    <doc:FunctionalLocation.GetList xmlns:doc="urn:sap-com:document:sap:business" xmlns="">
    <MaintplantRa>
    <item>
    <SIGN></SIGN>
    <OPTION></OPTION>
    <LOW></LOW>
    <HIGH></HIGH>
    </item>
    </MaintplantRa>
    <PlangroupRa>
    <item>
    <SIGN></SIGN>
    <OPTION></OPTION>
    <LOW></LOW>
    <HIGH></HIGH>
    </item>
    </PlangroupRa>
    <DescriptRa>
    <item>
    <SIGN></SIGN>
    <OPTION></OPTION>
    <LOW></LOW>
    <HIGH></HIGH>
    </item>
    </DescriptRa>
    <FunclocRa>
    <item>
    <SIGN></SIGN>
    <OPTION></OPTION>
    <LOW></LOW>
    <HIGH></HIGH>
    </item>
    </FunclocRa>
    <SortfieldRa>
    <item>
    <SIGN></SIGN>
    <OPTION></OPTION>
    <LOW></LOW>
    <HIGH></HIGH>
    </item>
    </SortfieldRa>
    <PlanplantRa>
    <item>
    <SIGN></SIGN>
    <OPTION></OPTION>
    <LOW></LOW>
    <HIGH></HIGH>
    </item>
    </PlanplantRa>
    <FunclocList>
    <item>
    <FUNCTLOCATION></FUNCTLOCATION>
    <FUNCLOC></FUNCLOC>
    <LABEL_SYST></LABEL_SYST>
    <DESCRIPT></DESCRIPT>
    <STRIND></STRIND>
    <CATEGORY></CATEGORY>
    <SUPFLOC></SUPFLOC>
    <PLANPLANT></PLANPLANT>
    <MAINTPLANT></MAINTPLANT>
    <PLANGROUP></PLANGROUP>
    <SORTFIELD></SORTFIELD>
    </item>
    </FunclocList>
    </doc:FunctionalLocation.GetList>
    Does anyone know where this BAPI definition come from? How do i get this BAPI definition from SAP? Does SAP still support the BAPI definition like this? Thanks a lot!

    > Does anyone know where this BAPI definition come from? How do i get this BAPI definition from SAP? Does SAP still support the BAPI definition like this? Thanks a lot!
    Hi,
    If you are wondering, how BAPIs/RFCs come into XI system then below are few points to be considered.
    1. First of all there should be a connection between XI & R3 system to communicate with each other.
    2. Scecondly the BAPIs/RFCs in R3 system should be "Remote enabled".
    3. Login to Integratin Repository then open your corresponding namespace and expand Imported Objects then right click on RFCs and press continue. It will ask you to provide the IP address, User ID & passord of R3 system. Once you provide the correct authonication details it will return al list of all BAPIS/RFCs present in R3 system. Just select you BAPI and continue. Once it is done you can see you corresponding BAPI under Imported objects.
    I hope the above information will help you.
    Regards,
    Sarvesh

  • Where is the data come from when BW extract data from APO's MSP

    Hi,all.
       The APO system has many datasource,I have activated all the datasource with TCODE RSA5.
      I want to extract APO data to BW(Not APO's),where the APO data come from for BW extract,APO BW or SAP transparent table of APO or APO liveCache?
      PLZ help me,thank you very much.

    Hi,
    APO to BI Data Flow :
    1. Normally APO  DS  naming convention start with "9".
    2. Normally Planning area will provide the data for the DS.
    3. Using one T-Code ( /N/SAP/ ..... Ask APO Person) DS will be generated .In the specified T-Code you will provide the relavant 
        Planning area and DS will be generated.
    4.As you know RSA3 is for checing the data for DS.If you found there is no data for some fields then you will check the data at the planning area level (In R/3 table level).
    Regards
    Ram.

  • Where do array Methods Come From?

    I've been curious about this for awhile. I can't find anything useful on google; all I end up with are array tutorials, which don't go into the "meat and potatoes" of my question at all.
    It's probably easiest to point out what I'm asking by posting the following first:
    public class TestArray{
       public static void main(String [] args){
          String [] catSounds = {"meow", "purr", "growl"};
          System.out.println(catSounds.toString());
          System.out.println("length: " + catSounds.length);
    }Okay, so given a basic String array (could be an array of anything, including primitives, but I just used String for simplicity's sake), we can call functions on it, like toString above. However, for lack of better wording, where does that method come from? I used eclipse's "open declaration" feature on the method, and it took me to toString in Object. But I didn't think a basic array was an Object?
    Similarly, where is the length field stored (eclipse's "open declaration" feature doesn't work on it)? It has to be encapsulated by some class somewhere, right?
    Is there a hidden class that extends Object (duh) and encapsulates the information for an array, and does the java compiler just translate the array syntax into calls to that class? Or am I missing something?

    kevinaworkman wrote:
    That link explains some of it. It explains all of it. ;o)
    So was I correct when I said there's a "hidden" (inaccessible and not listed in the API) class that extends Object and encapsulates the array data?Sort of yes, sort of no.
    10.8 Class Objects for Arrays
    Every array has an associated Class object, shared with all other arrays with the same component type. The direct superclass of an array type is Object. Every array type implements the interfaces Cloneable and java.io.Serializable.
    There isn't a general single Array class the way you're thinking (java.lang.reflect.Array isn't what you're looking for). Arrays have special support in the Java language, as described in the JLS.
    Why go through the trouble of having special syntax for an array if there's a class that could have been used just like any other class?Tradition.
    ~

  • Where did debug console come from and is it a good thing?, Where did debug console come from and is it a good thing?

    Where did debug console come from and is it a good thing? Should I keep it on?

    Unless you are a programmer or web developer, it really serves no purpose. To turn it off, open the Settings app and select Safari, Advanced (scroll down to get to it), slide the button to turn it off.

  • Where does the data come from which powers the ship date and delivery date

    Hi All,
    Please let me know, where does the data come from which powers the ship date and delivery date?.
    Adi.

    Hi,
    DELIVERY DATE  will be maintain in the SALES DOCUMENT TYPES in VOV8 in the tab REQUESTED DELIVERY DATE/PRICING DAE/PURCHASE ORDER DATE.
    The field is PROPOSE DELIVERY DATE .
    If you check the field then the document created date will be the Requested date and will be carried from ORDER TO DELIVERY.
    If you want the delivery date other thann the CURRENT date then you have to maintain the LEAD TIME in days in the same tab.
    SHIP DATE: is the date on which you do the PGI in the delivery .
    Please check them and revert back if u need further details
    thanks,
    santosh

  • Where the set value come from

    where is the set value come from, can the value come from Servlet
    create or replace
    PACKAGE BODY TRIGGER_test as
    function setStudentNum(sn in varchar2) return varchar2 as
    Begin
      staff_num := sn;
      return ('Success');
    Exception
    When OTHERS then
      return ('Error');
    End setStudentNum;
    function getStudentNum return varchar2 as
    Begin
      if (staff_num is not null) then
       return (staff_num);
      else
       return ('undefine');
      end if;
    End getStudentNum;
    end TRIGGER_test;

    Hjava wrote:
    >i am assuming that the function trigger_test.setStudentNum() gets executed first which will initialize the staff_num variabl
    when and how?
    Some 'other' bit of code somewhere.  How do we know, as we don't have your application/process code.  There will be something somewhere that calls the setStudentName function, so that when the getStudentName function is called it can return a value.  Values don't just magically appear.
    The only time there may be some code that initializes a value (other than in the declaration of the variable itself) is in a package body execution section e.g.
    SQL> create or replace PACKAGE TRIGGER_test as
      2    function setStudentNum(sn in varchar2) return varchar2;
      3    function getStudentNum return varchar2;
      4  end TRIGGER_test;
      5  /
    Package created.
    SQL> create or replace PACKAGE BODY TRIGGER_test as
      2    staff_num varchar2(30);
      3    function setStudentNum(sn in varchar2) return varchar2 as
      4    Begin
      5      staff_num := sn;
      6      return ('Success');
      7    End setStudentNum;
      8
      9    function getStudentNum return varchar2 as
    10    Begin
    11      return (staff_num);
    12    End getStudentNum;
    13  begin
    14    staff_num := 'undefined';
    15  end TRIGGER_test;
    16  /
    Package body created.
    SQL> select trigger_test.getStudentNum() from dual;
    TRIGGER_TEST.GETSTUDENTNUM()
    undefined
    SQL> select trigger_test.setStudentNum('1234') from dual;
    TRIGGER_TEST.SETSTUDENTNUM('1234')
    Success
    SQL> select trigger_test.getStudentNum() from dual;
    TRIGGER_TEST.GETSTUDENTNUM()
    1234
    As you can see, the first time the package is instantiated in memory (the first time we call any function in it), the package body execution section is called which sets the variable to "undefined" in this example, before the function itself is called to return what the value is.

  • [SOLVED] Where do header files come from?

    I'm a little confused about which files get included when compiling a program in C.
    I made a file named "screen.h". It's pretty obvious that the compiler is trying to use a different "screen.h" than mine, especially since it compiles fine when I rename my file to "screenblarg.h".
    I am making a video game using the Allegro Game Library. Here is the command I use to compile the source files:
    gcc -O2 -Wall -Wextra -ansi -pedantic -c filename.c -I/usr/include
    I "properly" include the necessary files, using quotes and angled brackets, for example, in "main.c":
    #include <allegro.h> /* System header */
    #include "screen.h" /* Local header */
    I'm especially confused because there is no "screen.h" in "/usr/include".
    Does this behavior make sense to anyone? Please let me know if it would help to see the actual code. Thank you!
    Last edited by drcouzelis (2010-08-11 02:00:11)

    tavianator wrote:
    Use gcc -v to see where it's searching for include files.
    Also, -I/usr/include is unnecessary, as gcc will search there for includes by default.
    Thank you for your response. I don't see anything in the output of "gcc -v" that would say where it is searching for header files. (it's from the standard Arch Linux package, by the way)
    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-unknown-linux-gnu/4.5.0/lto-wrapper
    Target: x86_64-unknown-linux-gnu
    Configured with: ../configure --prefix=/usr --enable-languages=c,c++,fortran,objc,obj-c++,ada --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-gnu-unique-object --enable-lto --enable-plugin --disable-multilib --disable-libstdcxx-pch --with-system-zlib --with-ppl --with-cloog --libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man --infodir=/usr/share/info
    Thread model: posix
    gcc version 4.5.0 20100610 (prerelease) (GCC)
    As for including "-I/usr/include", I understand that it's not necessary. It comes from the Allegro command "allegro-config --cflags" in my makefile, which I added to make compiling my program a bit more portable.
    There are two other files on my computer named "screen.h". I tried renaming them, but my program would still not compile.
    A search on the Internet doesn't say anything about a common "screen.h" file in Linux.
    Does the compiler "see" header files (such as a "screen.h") in the libraries that are in "/usr/lib"? Or something? O_o

  • Where Does These Handles Come From In Color v1?

    When i add handles in Color where are they coming from?
    i.e.
    if the clip goes to color as a say 3 second clip. I then grade it and add a 5 frame handle.
    Does the 5 frames come from the clip in motion or doe it come from the footage before an after the fcp edit points?
    if it comes from what i sent then how do i maintain my edit/style rhythm of cuts?

    in@ 00:03:20 and then out@ 00:04:20...
    If those numbers are the source time code *at 23.98 fps*, there would be 24 frames in that clip. If you did not add handles, a new clip (#_1.mov) would be rendered and placed in the COLOR project render directory of your choosing. On Send To FCP, a new clip with the old reference name (but pointing to the new media) will appear on the FCP sequence and it will be 24 frames starting at 3:20 and ending at 4:20.
    If you request the addition of 4-frame handles, the clip will be rendered with a duration of 2444=32 frames. The clip "#_1.mov" source time code will be 3:16 to 5:00 (remembering this is 24 fps). When it appears on the FCP timeline, a one-second clip will show up and it will be In/3:20, Out/4:20, but you will be able to slip it +/- 4 frames or add up to a 4-frame transition outside the
    selected pickup points.
    It has not much to do with the master time code of the edit sequence, the handles only get added to the "source" clip, but it does not affect its pickup or duration on the master sequence. On the Master sequence, you would still only see the 24 original frames... but if you wanted to trim the edit a couple of frames, you would have them.
    You must understand that COLOR generates new independent media, usually ONLY the selected footage on the timeline. Handles are a way of generating extra media in an attempt to build in some post-lock flexibility, and they do not affect the edited sequence selection in any other way.
    jPo

  • Where does SPUser.ID comes from

    Dear All
    I have a user set up in active directory. This user is rwolf (CN=rwolf,OU=acme,DC=bfs-cust-tst,DC=local). Assume I run the code below in  'protected void Page_Load(object sender, EventArgs e)'.
    SPSite oSite = SPContext.Current.Site;
    SPWeb oWebsite = oSite.OpenWeb();
    SPUser user = oWebsite.CurrentUser;
    myLabel.Text = user.ID.ToString();
    When rwolf logs into Sharepoint and navigates to the page where above code behind runs he will see as value in 'myLabel' '18'. So, ID of rwolf is 18. Now, I could not figure out where this ID comes from. I looked deeply into Active Directory but could not find
    anything. Any hints?

    Hi,
    Whenever you add the user to the permissions or some other place.  It create a list item in the hidden list called user information list.  The ID which you are referring belong that list item.
    For more information, please refer to the following article.
    http://zimmergren.net/technical/sharepoints-hidden-user-list-user-information-list
    http://www.ktskumar.com/blog/2009/04/user-information-list-url-2/
    Please don't forget to mark it answered, if your problem resolved or helpful.

  • Extending the Insert Bar: where do the labels come from?

    Very much a beginner with Extensions; just a simple question about items on the Insert Bar.
    When I look at the content of 'insertbar.xml', the entry for 'Heading 1' is this:
    <button MMString:label="insertbar/textH1" MMString:name="insertbar/textH1" file="Text\H1.htm" id="DW_Text_H1" image="Text\H1.gif" />
    So my question is, how does the button on the Insert Bar read 'Heading 1'? That text appears nowhere in the 'insertbar.xml' document, nor is it in 'menus.xml', so it must come from somewhere else.
    I haven't found any reference to this in 'Extending Dreamweaver', and a content search of the Configurations folder yields zero as well. Any help is appreciated.

    Strings specified using MMString: have been separated out so they can be localized for different languages. They are compiled and stored in: [install-dir]/[lang]/Resources/strings.zbin (where lang is something like "en_US").
    If your extension is just for 1 language or is non-localizable text, then change "MMString:label" to "label" and put the text directly in insertbar.xml.
    If you want to make your extension for multiple languages, then store the strings in the [install-dir]/[lang]/Configuration/Strings folder and reference them by id. Take a look at the XML files in that fodler as an example.
    HTH,
    Randy

  • When typing a text message my iPhone 4 now speaks some of the words as I type.  Where did this feature come from and how do I turn it off?

    When typing a text message on my iPhone, a voice now speaks some of the words.  Where did this come from and how do I turn it off?

    You have VoiceOver turned on.  See p. 230... http://manuals.info.apple.com/en_US/iPhone_iOS4_User_Guide.pdf

  • Where does album art come from?

    I had assumed that the album artwork that iTunes 7 provided would only be from music available on iTunes. It made sense; no Beatles artwork, no AC/DC, no Led Zep. However, some albums that aren't available at the iTunes store automatically appear. Most notably, of all things, the album "Conquer the Video Craze"; an obscure record that teaches you how to play Pac-Man and Stargate. When I saw that THIS appeared, I started checking others. There are a lot of albums that aren't available on iTunes, yet the artwork is downloaded. Where does it come from?

    I also could download artwork of albums which are not available in the Dutch iTunes Store (the only one available for my purchases).
    Searching in other Stores I found the albums, so I guess the artwork has to be stored on a central server or the artwork request is redirected to others Stores' servers.
    No information is known to me where it actually comes from.
    M

Maybe you are looking for

  • Access to WAN Port 2 on an CISCO ISA 550 Firewall

    Hi all On a CISO ISA 550 Firewall i created a 2 WAN Port Failover whichs works fine. But how can access the WAN2 Port (see Attaments) from my Workstation even the WAN1 Port is up an runnig, i created also a new Zone and Firewall Rule but this dosen't

  • Low disk space (Boot Camp) - can I repartition my hard drive?

    Hi there - I am a MacBook user through and through.  However, I partitioned my hard drive 3 years ago using Boot Camp to do some light Windows-only work.  I only partitioned 8 GB to Windows, which wasn't a problem til now.  I'm now trying to use some

  • System Error Message "0xc000007b".  What's to change?

    I cannot get Lightroom to open and also can not get Nikon VIEWNX2 to open.  Both report the same system error message.  I don't know where or how the system errors can be fixed to allow these programs to download my pictures from Camera to computer.

  • Inheritance between a Business Event Type and a Business Event

    Hello, When we created a Business Event (Object E), this one have some inheritance from the business envent type (Object D). I don't find where I can customize this. Do you have an idea ? I have created a custom PD infotype (available for object D an

  • Features for context menu

    If possible add to context menu "Clear folder". When in folders have many many letters and i have many many folders, then very simple to delete all letters in folder in "one click". This for Thunderbird.