Re: clement is a yum repository?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2006-12-21 at 16:48 -0500, Jesse Keating wrote:
> On Thursday 21 December 2006 16:41, Jean-Marc Pigeon wrote:
> >         I am afraid saying "repos.d" is out of reach is too
> >         self-centric. As Fedora cycle are very short this will
> >         imply Fedora can't be use to run a real application server.
> >         Sharing my feeling...
> 
> The problem lies in dropping a repo that points to a location that Fedora 
> doesn't control.  We can't protect against that location being compromised 
> and start sending out trojaned binaries to those who enable the repo.  This 
> is the same reason why 'live updates' of software apps are discouraged, again 
> locations that Fedora doesn't control.  For this reason alone I would 
> discourage and vote against allowing any package to drop another repo in 
> place, that wasn't a Fedora controlled repo.

Seconded.  IMO, if you want to include a *.repo file, include it with
%doc in the package's documentation dir, not in place (not even if
disabled by default).

-- 
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list

[Index of Archives]     [Fedora General Discussion]     [Fedora Art]     [Fedora Docs]     [Fedora Package Review]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite Backpacking]     [KDE Users]

  Powered by Linux