"File Type" Buddy for Fedora 9?
Andrew Parker
andrewparker at bigfoot.com
Tue Nov 13 18:14:46 UTC 2007
On Nov 13, 2007 7:07 AM, David Timms <dtimms at iinet.net.au> wrote:
> Andrew Parker wrote:
> > repositories (a la yum) for the database. then files that couldn't be
> > opened by fedora rpms could be provided by other "repos".
>
> This would open fedora to all types of security problems because the
> fedoraproject is not able to control/vet/modify external repos - and
> hence this capability is specifically disallowed in the fedora packaging
> process.
>
> Having the current setup where a user goes to a web site, installs a
> x-release rpm, and then needs to accepting import of the repo's signing
> key means that it is the user who needs to decide whether they can trust
> repo x {which could do _anything_ on their machine}.
Sorry if I wrote was misleading, I intended it to work the same as yum
repos. i.e. as you say the user has to specifically add third party
repos themseleves.
More information about the fedora-devel-list
mailing list