Re: clement is a yum repository?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2006-12-21 at 16:41 -0500, Jean-Marc Pigeon wrote:
> From my stand point the repos.d/clement
> 	is an anchor and it is our duty (as application designer)
> 	to provide legacy RPM. When doing a release we provide 
> 	clement's RPM from RH7.3 to FC6 and including Centos, RHEL
> 	and mandriva... 
Sure.  So on the clement website and download page you need to provide a
repo file or rpm that will install a yum repo.  This should not be in
the Fedora package.  Putting it in the Fedora is detrimental on a number
of counts.  Here's some off the top of my head:

1) Legality: Having a repo file that points to livna.org, for instance,
could put Fedora at risk of being sued for contributory infringement.

2) Accountability: Fedora cannot guarantee anything about the quality of
packages or the ability of the packages at the remote repository to work
with Fedora.  Just the existence of the repo file can break upgrades on
the users system.

3) Time: We're mostly volunteers.  Who wants to periodically check all
the repo files provided by any package to ensure they're disabled and
point to a repo that's only distributing legal items?

4) Usability of yum: What happens if 10% of our packages feel they need
to give yum an upstream repo file?  Suddenly, there's 100+ repo files
that yum has to deal with.  If they're all enabled then yum has to
download primary.xml files from all of them.

> 	tcpdump on FC6 is outdated, to have a reference
> 	to "enabled" in repos.d and reach a master site to grab 
> 	the latest version. would be nice... (up to me to enable
> 	this specific repos.d). 

This is not a good idea.  One job of a distribution is to produce a set
of packages that work together.  Giving the user a repos.d file to
download packages direct from upstream that replace the Fedora packages
interferes with this.  Another job is fixing security holes.  If we've
patched a hole locally but upstream hasn't made a release with the fix,
users of the upstream package are going to be running less secure code.

> 	Once again, adding this anchor within repos.d is not
> 	conceptually different than the "Source:" information 
> 	within spec file.

It is different.  Any file in repos.d is "live".  Even if it is
disabled, a user can run yum upgrade --enablerepo=buggykernel and get
the packages listed there.  Source: Just tells you where to look.

-Toshio

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list

[Index of Archives]     [Fedora General Discussion]     [Fedora Art]     [Fedora Docs]     [Fedora Package Review]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite Backpacking]     [KDE Users]

  Powered by Linux