On Thu, 2006-12-21 at 16:41 -0500, Jean-Marc Pigeon wrote: > From my stand point the repos.d/clement > is an anchor and it is our duty (as application designer) > to provide legacy RPM. When doing a release we provide > clement's RPM from RH7.3 to FC6 and including Centos, RHEL > and mandriva... Sure. So on the clement website and download page you need to provide a repo file or rpm that will install a yum repo. This should not be in the Fedora package. Putting it in the Fedora is detrimental on a number of counts. Here's some off the top of my head: 1) Legality: Having a repo file that points to livna.org, for instance, could put Fedora at risk of being sued for contributory infringement. 2) Accountability: Fedora cannot guarantee anything about the quality of packages or the ability of the packages at the remote repository to work with Fedora. Just the existence of the repo file can break upgrades on the users system. 3) Time: We're mostly volunteers. Who wants to periodically check all the repo files provided by any package to ensure they're disabled and point to a repo that's only distributing legal items? 4) Usability of yum: What happens if 10% of our packages feel they need to give yum an upstream repo file? Suddenly, there's 100+ repo files that yum has to deal with. If they're all enabled then yum has to download primary.xml files from all of them. > tcpdump on FC6 is outdated, to have a reference > to "enabled" in repos.d and reach a master site to grab > the latest version. would be nice... (up to me to enable > this specific repos.d). This is not a good idea. One job of a distribution is to produce a set of packages that work together. Giving the user a repos.d file to download packages direct from upstream that replace the Fedora packages interferes with this. Another job is fixing security holes. If we've patched a hole locally but upstream hasn't made a release with the fix, users of the upstream package are going to be running less secure code. > Once again, adding this anchor within repos.d is not > conceptually different than the "Source:" information > within spec file. It is different. Any file in repos.d is "live". Even if it is disabled, a user can run yum upgrade --enablerepo=buggykernel and get the packages listed there. Source: Just tells you where to look. -Toshio
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
