From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tokarev <mjt@tls.msk.ru>
Subject: Re: kvm troubles
Date: Sat, 26 Dec 2009 00:20:36 +0300
Message-ID: <4B352CA4.5070308@msgid.tls.msk.ru>
References: <9232def20912240303r36d51aaak66122426b833811c@mail.gmail.com>	 <4B335045.3040904@chaschperli.ch>	 <9232def20912250309s64a111cex5d575783d009ced4@mail.gmail.com>	 <4B349FCD.4020102@chaschperli.ch>	 <9232def20912251148v7195d5c6qbca85de27a559ed7@mail.gmail.com>	 <4B351E16.7000401@msgid.tls.msk.ru>	 <9232def20912251240w66d02b3yb71e7d92d07d4b25@mail.gmail.com> <9232def20912251242p2d7b57d5h8ef7f5d38429625f@mail.gmail.com> <4B352655.6040309@msgid.tls.msk.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Cc: kvm@vger.kernel.org
To: Divick Kishore <divick.kishore@gmail.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from isrv.corpit.ru ([81.13.33.159]:38377 "EHLO isrv.corpit.ru"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1756697AbZLYVUi (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 25 Dec 2009 16:20:38 -0500
In-Reply-To: <4B352655.6040309@msgid.tls.msk.ru>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Michael Tokarev ?????:
> Divick Kishore wrote:
>>> Also I am not sure that as such packages __should__ not be downloaded
>>> from any unknown site but only from trusted debian mirrors. Am I not
>>> open to any security issues in case I install the package downloaded
>>> from www.corpit.ru?
>> Or in fact downloaded from any other site pointed out by someone on
>> the mailing list. Why should / should not trust packages downloaded
>> from non standard debian mirrors?
> 
> Well, it's your choice really.
> 
> I maintained kvm (and later qemu-kvm) package for debian for a long
> time because the one in debian is too old to be usable.  It was a long
> way before I was able to communicate with debian maintainer, and now
> I co-maintain it -- there is qemu-kvm-0.11.1 in -testing now, but it
> depends on many other libraries in -testing.  For over a year kvm in
> debian was unusable - so much for trusted/standard mirrors.

By the way, it's no more risk when you grab any other software
and run it on your machines.  Like for example kvm from official
sources (and compile it) -- did you check for trojan horses and
the like in the source?

> As of the error you've got -- you're the first to report it, apparently
> no one else noticed that it depends on a single package that is not in
> lenny -- it's libgnutls26.  You can install this library from -testing
> or wait till I re-upload new version to www.corpit.ru.

Uploaded, still 0.11.0 - I have no time right now to update to 0.11.1
or 0.12 (and the latter is quite unstable anyway).  But 0.11.0 is a
good version.

Grab
qemu-kvm_0.11.0+dfsg-1tls2_amd64.deb or
qemu-kvm_0.11.0+dfsg-1tls2_i386.deb
depending on your arch.

/mjt