LinLog

You know the worst thing about being a Linux user? The zealots. I hate Linux zealots. They make me embarrassed to use Linux.

For example, I was just reading a thread on Linux Questions.org in which somebody asked how safe it is to download RPMs from mirror sites. Now, it seems to me like the poster was a bit confused about the difference between a mirror and an independent package repository, but the question is still perfectly legitimate. The simple fact is that 99% of the time, you don't have any idea who runs the site, who has access to the server, or how good their security is. How do you know someone didn't stick a Trojan in one of the packages? In a disturbing number of cases, the answer is probably that you don't know.

Of course, for "official" mirrors, you can always take advantage of message digests and digital signatures. Most package repositories keep PGP signatures, or MD5 sums, or something of that nature, so that you can verify the integrity of your package. However, this won't work for independent package repositories. When it comes to third-party packages, you're pretty much taking it on faith that the packager is both honest and competent. Of course, anyone who cares enough to go to the trouble of maintaining a package archive isn't too likely to be doing it for nefarious purposes, so I find that the competency factor is most often the problem.

At any rate, the question was not wholely unreasonable. Sure, it's probably not worth losing sleep over (unless you're exceptionally paranoid), but it's not a stupid thing to ask either.

So how do the responses go? A moderator tells the poster to "stop being a freak" and claims an open-source mirror package is going to be more secure than anything from Microsoft, someone else tells him to go back to Windows, and a few people attacked the the one person who happened to sympathize with the original poster. In his blind zealotry, one poster even forgot how to read and posted a "rebutal" link to a ZDNet article linked by the sympathizer, complaining that ZDNet is a "Windoze"-centric site. Needless to say, his link to a "respected security website," which looks to me like a crappy Linux portal site, agreed with the ZDNet story in all the details.

What's with these people? Grow the hell up, will you please? Get this through your head: it's just software. It can't feed the starvig, bring world peace, or tell you the meaning of life. And while I'm at it, "Windoze" and "M$" were funny for about 3 seconds the first time I saw them. If you use them on a regular basis, then you're being stupid and childish and you deserve to be smacked in the face with a wet weasle.

Why do I even bother? I guess it's time for another of my yearly "I'm swearing off web forums because reading the rantings of clueless morons is a waste of my time" episodes again.