On Fri, 2007-08-24 at 13:52 -0400, Jesse Keating wrote:
> On Fri, 24 Aug 2007 19:46:48 +0200
> Axel Thimm <Axel.Thimm@xxxxxxxxxx> wrote:
>
> > That sounds more like using the tarball though. If a software's use is
> > only restricted to looking onto it in a chroot or perform limited
> > operation with it as to not shoot away the rest of the system it
> > should not be a yum install bomb away from your fingertips (well, not
> > your, but the users')
>
> Again, if it is made to live completely outside the range of the system
> yum and not to interact at all with any thing that uses rpmlib, how can
> it "bomb" your system? The value would be that it's pre-compiled for
> our distro, it passes our guidelines for packaging quality, and given
> our constraints people can be confident that using rpm5 to play around
> with that fork won't "bomb" their system as it's being forced to be
> sufficiently walled off from the rest of the system. Just chucking a
> tarball at people or forcing it to live in some other repo is just
> invitation to have it be actively hostile toward your system should you
> install it, or fail to get the compile flags right, or whatever else.

Even with a separate database, it will overwrite the files on the system
when rpm5 does an install/update transaction, and the rpm.org db (the
system database) will not reflect these changes.

BOOM.

~spot

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board