On 15.12.2006 07:43, Curtis Doty wrote:
Why exactly does this clement email proxy get to elect itself as a yum
repository complete with "trusted" gpg key and packages not signed by the
extras build system?
Even worse, it appears to be broke.
# yum install clement
...(snip)...
# yum list
Loading "installonlyn" plugin
Loading "changelog" plugin
Setting up repositories
ftp://ftp.safe.ca/pub/clement-2.1/repodata/repomd.xml: [Errno 4] IOError:
[Errno ftp error] 550 Failed to change directory.
Trying other mirror.
Error: Cannot open/read repomd.xml file for repository: clement
Fix is easy to baseurl, but again, why?
Hmmm, what that for a shit (sorry). That's totally unacceptable -- from
a legal standpoint and the technical standpoint, as it would result in a
great mess if each and every package would ship their own repo file.
(Not to mention the security implications this has.)
Could someone please remove clement-2.1-241 (the older one has no
repo-file afaics) from all the repos as quickly as possible
(extras-signers are CCed to this mail)? tia!
What to we do to prevent such shit in the future? Isn't this the second
time this problem comes up? Wasn't it clement in the first occurrence,
too? (Maintainer CCed, please comment)
CU
thl
--
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list
