[CentOS] tcptrack for Centos 5.5 32bit rpm

Sun Jan 23 16:34:36 UTC 2011
Keith Roberts <keith at karsites.net>

On Sun, 23 Jan 2011, Nico Kadel-Garcia wrote:

> To: CentOS mailing list <centos at centos.org>
> From: Nico Kadel-Garcia <nkadel at gmail.com>
> Subject: Re: [CentOS] tcptrack for Centos 5.5 32bit rpm
> 
> On Sun, Jan 16, 2011 at 4:07 PM, Keith Roberts <keith at karsites.net> wrote:
>> Hi list.
>>
>> I have rebuilt tcptrack now.
>>
>> You can get it from here:
>>
>> http://www.karsites.net/centos/downloads/5.5/tcptrack-1.3.0-1.el5.i386.rpm
>
> Oh, boy. Keith? We may love you and think you're cool and your tools
> handy, but we have *no idea* of the safety or reliability of your
> source code. Please be sure to publish your SRPM with it. If you don't
> do this, you may also run afoul of the GP. (I just checked: the
> current tcptrack is under GPLv2). The home page is at
> http://www.rhythm.cx/~steve/devel/tcptrack/
>
> To avoid this kind of problem, I suggest you take a look at
> http://rpm.pbone.net/ to see if there are RPM's for your particular OS
> when writing packages. Sure enough, version 1.4.0 is available at
> RPMforge. And RPMforge is very amenable to adding interesting
> packages, and pretty good about checking packages for their
> provenance: I've been submitting .spec files packages there for quite
> some time.
>
>> It's not signed, so to install it with yum as root user, do:
>>
>> # yum localinstall --nogpgcheck tcptrack-1.3.0-1.el5.i386.rpm
>
> Please don't! You've not published source code for this, and a network
> monitoring tool built without good provenance is begging to send
> interesting packets offsite to an unknown repository. Not that you've
> done this, Keith, but as a general approach, random software packages
> off the net should be reviewed before installation.
>
> It's right in RPMforge, which has source code and a more recent
> version. I personally install the rpmforge-release package, then
> disable default access to it to protect my base systemm from conflicts
> with EPEL or the base OS, and pick and choose packages as necessary.
> (The subversion and rsync updates are very useful.)

Hi Nico. Thanks for all those tips :)

Yes, that's what I do with 3rd party repos as well.

I have pulled the plug on tcptrack-1.3.0-1.el5.i386.rpm, 
and all that's left now is:

2317   Dec 19 13:16 Fedora6-GPG-public-key.asc
148276 Jan 23 16:23 qps-1.9.18~6.src.rpm
187376 Dec 19 13:13 qps-1.9.18~.i386.rpm

I got the qps source from Fedora's koji site. The F6 public 
key is for anyone else that wants to rebuild qps - maybe for 
a different linux distro.

I do intend to set up a proper 3rd party repo for Centos, as 
soon as I have the time to read up on things.

Kind Regards,

Keith

-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------