On Thu, 2006-12-21 at 23:59 +0200, Ville Skyttä wrote: > On Thu, 2006-12-21 at 16:48 -0500, Jesse Keating wrote: > > On Thursday 21 December 2006 16:41, Jean-Marc Pigeon wrote: > > > I am afraid saying "repos.d" is out of reach is too > > > self-centric. As Fedora cycle are very short this will > > > imply Fedora can't be use to run a real application server. > > > Sharing my feeling... > > > > The problem lies in dropping a repo that points to a location that Fedora > > doesn't control. We can't protect against that location being compromised > > and start sending out trojaned binaries to those who enable the repo. This > > is the same reason why 'live updates' of software apps are discouraged, again > > locations that Fedora doesn't control. For this reason alone I would > > discourage and vote against allowing any package to drop another repo in > > place, that wasn't a Fedora controlled repo. > > Seconded. IMO, if you want to include a *.repo file, include it with > %doc in the package's documentation dir, not in place (not even if > disabled by default). > Ok... Please could you tell us more? -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
