Re: pm-utils - ATrpms updates a system package on the stable branch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



on 7-8-2008 11:42 AM Axel Thimm spake the following:
On Tue, Jul 08, 2008 at 11:33:24AM -0700, Florin Andrei wrote:
Johnny Hughes wrote:
Client filtering is not recommended by some people ... but highly recommended by others :-D
It's a good idea on important systems - but then you shouldn't open those machines to outside repositories anyway.

But if you don't do client-side filtering, you're helping the repositories to fix their problems and become cleaner. Everyone benefits in the long run.

There is no "one true answer to rule them all" in this case. Use client-side filtering on the machines that must not break under any circumstances. Relax the policy in the other cases. Use common sense.

Just to present an example from Fedora: clamav within Fedora was and
is considered rather cumbersome packaged and many users turn to 3rd
party repos to get clamav installed.

If you place a filtering upon them, then some clamav subpackages will
come from the 3rd party repo and some from Fedora base leading to a
system that will possibly allow viruses to pass by. So actually the
filtering will be destabilizing your setup instead of protecting them.

The true answer to this is cooperating/merged repos and we're
targeting this on rpmrepo.org. Join up and be part of the solution :)
I think a big problem comes when a repo wants to build packageX, but it requires fancywidgetv2.1. But the base system only has fancywidgetv1.9. How would you get packagex without the possibility of breaking something unless fancywidgetv2.1 has backwards compatibility with fancywidgetv1.9?


--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux