On Mon, 22 Aug 2005 12:43:26 -0400, Jeff Spaleta wrote: > > It would be good to make it easier to install yum repo entries; for > > instance by just clicking on a web page link. The actual links wouldn't > > have to be provided or even referenced by Fedora. > > Create the more general mechanism for installing an rpm via a link, > securely.. With emphasis on "_securely_". Just like you don't want to click a link and see an .exe file execute and start downloading and installing something, you don't want automated installation of Yum repositories. _Any_ repository out there could add itself to your configuration with a single click and provide packages which replace Core files. Adding real security in this area requires much more than asking the user for confirmation. For now, adding Yum repo entries with something like "rpm -ivh http://.../foo-release-4-1.noarch.rpm"; and letting Yum install the included GPG key should be easy enough even if it implies that some users probably trust some repositories blindly, because those users focus on simplicity instead of security. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
