Andrew Parker wrote:
repositories (a la yum) for the database. then files that couldn't be opened by fedora rpms could be provided by other "repos".
This would open fedora to all types of security problems because the fedoraproject is not able to control/vet/modify external repos - and hence this capability is specifically disallowed in the fedora packaging process.
Having the current setup where a user goes to a web site, installs a x-release rpm, and then needs to accepting import of the repo's signing key means that it is the user who needs to decide whether they can trust repo x {which could do _anything_ on their machine}.
DaveT. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list