On Thu, 2006-12-21 at 16:48 -0500, Jesse Keating wrote: > On Thursday 21 December 2006 16:41, Jean-Marc Pigeon wrote: > > I am afraid saying "repos.d" is out of reach is too > > self-centric. As Fedora cycle are very short this will > > imply Fedora can't be use to run a real application server. > > Sharing my feeling... > > The problem lies in dropping a repo that points to a location that Fedora > doesn't control. We can't protect against that location being compromised > and start sending out trojaned binaries to those who enable the repo. This > is the same reason why 'live updates' of software apps are discouraged, again > locations that Fedora doesn't control. For this reason alone I would > discourage and vote against allowing any package to drop another repo in > place, that wasn't a Fedora controlled repo. Seconded. IMO, if you want to include a *.repo file, include it with %doc in the package's documentation dir, not in place (not even if disabled by default). -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list