by baldfat 3748 days ago
Sure down vote BUT defend your opposition to the point of this blog post that I pointed out. It is 100% not RPM issues that this person is talking about.

Okay so by the down votes I guess people prefer to think RPM is bad and won't take anything from anyone pointing out how it works and that the article used was full of holes by someone that doesn't understand package management.

I SAID STUPID: Yes it is stupid to request a package manager that uses unsecured packages with disabled SSL and curl and wget to download packages and manage them so that any hacker could install any package it wants with a simple script.

2 comments

"this guy" and "this person" with the "stupid blog post" is Felix von Leitner, for reference. Understand that, and understand things like diet libc, libowfat, and minit, and you will understand some of the bases of M. von Leitner's opinions here.

* https://de.wikipedia.org/wiki/Felix_von_Leitner

* https://en.wikipedia.org/wiki/Felix_von_Leitner

> Yes it is stupid to request a package manager that uses unsecured packages with disabled SSL and curl and wget to download packages and manage them so that any hacker could install any package it wants with a simple script.

That was not the demand. The demand was a package manager that works without requiring openssl as a dynamically linked dependency, so the package manager still works if those dependencies are broken or missing (due to e.g. a botched update) and can repair dynamic libraries for the rest of the system.