On 05/09/2014 11:19 AM, Wael M. Nasreddine wrote: > --- > .travis.yml | 10 ++++++++++ > 1 file changed, 10 insertions(+) > create mode 100644 .travis.yml > > diff --git a/.travis.yml b/.travis.yml > new file mode 100644 > index 0000000..8d92cdc > --- /dev/null > +++ b/.travis.yml > @@ -0,0 +1,10 @@ > +language: c > +before_install: > + - sudo apt-get update -qq > + - wget 'https://launchpad.net/ubuntu/+archive/primary/+files/zlib1g-dev_1.2.8.dfsg-1ubuntu1_amd64.deb' > + - wget 'https://launchpad.net/ubuntu/+archive/primary/+files/zlib1g_1.2.8.dfsg-1ubuntu1_amd64.deb' > + - sudo dpkg -i zlib1g-dev_1.2.8.dfsg-1ubuntu1_amd64.deb zlib1g_1.2.8.dfsg-1ubuntu1_amd64.deb The above strikes me as a problem waiting to happen. If there are specific versions of zlib that need to be installed, and we know what the package is that needs to be installed, at the very least, the scripts to fetch each package should verify a strong cryptographic digest of the package before directly installing it from the network. if the digest doesn't match, then the script should abort with a failure, before installing the packages. --dkg