On Nov 13, 2007 7:07 AM, David Timms <dtimms@xxxxxxxxxxxx> wrote:
> Andrew Parker wrote:
> > repositories (a la yum) for the database. then files that couldn't be
> > opened by fedora rpms could be provided by other "repos".
>
> This would open fedora to all types of security problems because the
> fedoraproject is not able to control/vet/modify external repos - and
> hence this capability is specifically disallowed in the fedora packaging
> process.
>
> Having the current setup where a user goes to a web site, installs a
> x-release rpm, and then needs to accepting import of the repo's signing
> key means that it is the user who needs to decide whether they can trust
> repo x {which could do _anything_ on their machine}.
Sorry if I wrote was misleading, I intended it to work the same as yum
repos. i.e. as you say the user has to specifically add third party
repos themseleves.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
