On Sun, Jan 16, 2011 at 4:07 PM, Keith Roberts <keith at karsites.net>
wrote:> Hi list.
>
> I have rebuilt tcptrack now.
>
> You can get it from here:
>
> http://www.karsites.net/centos/downloads/5.5/tcptrack-1.3.0-1.el5.i386.rpm
Oh, boy. Keith? We may love you and think you're cool and your tools
handy, but we have *no idea* of the safety or reliability of your
source code. Please be sure to publish your SRPM with it. If you don't
do this, you may also run afoul of the GP. (I just checked: the
current tcptrack is under GPLv2). The home page is at
http://www.rhythm.cx/~steve/devel/tcptrack/
To avoid this kind of problem, I suggest you take a look at
http://rpm.pbone.net/ to see if there are RPM's for your particular OS
when writing packages. Sure enough, version 1.4.0 is available at
RPMforge. And RPMforge is very amenable to adding interesting
packages, and pretty good about checking packages for their
provenance: I've been submitting .spec files packages there for quite
some time.
> It's not signed, so to install it with yum as root user, do:
>
> # yum localinstall --nogpgcheck tcptrack-1.3.0-1.el5.i386.rpm
Please don't! You've not published source code for this, and a network
monitoring tool built without good provenance is begging to send
interesting packets offsite to an unknown repository. Not that you've
done this, Keith, but as a general approach, random software packages
off the net should be reviewed before installation.
It's right in RPMforge, which has source code and a more recent
version. I personally install the rpmforge-release package, then
disable default access to it to protect my base systemm from conflicts
with EPEL or the base OS, and pick and choose packages as necessary.
(The subversion and rsync updates are very useful.)