ATrpms and FC5/RHEL5

Jeff Pitman jeff.pitman at gmail.com
Mon Jan 2 06:10:56 UTC 2006


On 1/2/06, Florin Andrei <florin at andrei.myip.org> wrote:
> On Mon, 2006-01-02 at 05:24 +0530, Rahul Sundaram wrote:
>
> > When users choose to use third party repositories they are in many cases
> > not aware that they are not just adding packages but also replacing
> > existing ones in their system which might be a divergence they desire.
> > The discussions initiated by one such user along with various posting in
> > fedora forum, user lists and irc channel is enough proof that the
> > problem exists.

(Offtopic: is anyone else's mail not picking up Rahul's list postings?
I've seen several responses to Rahul's email, however I haven't
received any from Rahul since 12/27 from fedora-devel. Odd...)

> This is currently the single most important problem with package
> repositories.

See Warren's posting: Core/Extras has no obligation to help the situation.

> It's the repositories hell, the vengeful progeny of the near-deceased
> RPM dependencies hell.

Not really. If it's "hell", don't use them. Pretty simple.

If you'd like to help improve 3rd party repos, file bugs and/or
patches to make the situation better. Also, participate in the mailing
lists that the 3rd party repos have setup.

And the situation is not synonymous with rpm dep hell, because with
apt/yum/smart you don't have to install a random rpm and then download
thirty other random rpms to satisfy deps. It's automatic. And if it's
broken, see last paragraph.

The issue is whether Core/Extras should protect base. Most of the 3rd
party repo people have chimed in with a unanimous thumb down. Some
have doubts about whether Core<->Extras migrations would work well.
And only a few have given this a thumbs up with vague explanations as
to why it should be default. Security being only a thin coverup for a
reason.

I say the idea, while it might be novel, is DOA. Especially w.r.t. to
"Core/Extras has no obligations to 3rd parties". So if there is no
obligation, then there is no need for protectbase.

--
-jeff




More information about the fedora-devel-list mailing list