clement is a yum repository?
Thorsten Leemhuis
fedora at leemhuis.info
Fri Dec 15 11:28:41 UTC 2006
On 15.12.2006 12:12, Paul Howarth wrote:
> Michael Schwendt wrote:
>> On Fri, 15 Dec 2006 08:29:55 +0100, Thorsten Leemhuis wrote:
>>>> ftp://ftp.safe.ca/pub/clement-2.1/repodata/repomd.xml: [Errno 4] IOError:
>>>> [Errno ftp error] 550 Failed to change directory.
>>>> Trying other mirror.
>>>> Error: Cannot open/read repomd.xml file for repository: clement
>>>> Fix is easy to baseurl, but again, why?
>>> Hmmm, what that for a shit (sorry). That's totally unacceptable -- from
>>> a legal standpoint and the technical standpoint, as it would result in a
>>> great mess if each and every package would ship their own repo file.
>>> (Not to mention the security implications this has.)
>>> Could someone please remove clement-2.1-241 (the older one has no
>>> repo-file afaics) from all the repos as quickly as possible
>>> (extras-signers are CCed to this mail)? tia!
>>> What to we do to prevent such shit in the future? Isn't this the second
>>> time this problem comes up? Wasn't it clement in the first occurrence,
>>> too? (Maintainer CCed, please comment)
>> Check this out!
>> https://www.redhat.com/archives/fedora-extras-commits/2006-November/msg02711.html
:-(
> So the maintainer tweaked their local copy of the spec, built an SRPM
> and used cvs-import.sh to import it, hence losing Tibbs' earlier fix
> that removed the repo file. Looks ignorant/careless rather than
> malicious to me.
Agreed, that's why I strongly dislike cvs-import.sh for anything else
other than the first import. I'd like to forbid using it for everything
else, but I know people like to use it. Maybe we should enhance it so it
displays the cvs diff with less before the actually commit? Sure, people
still can ignore it, but its still better than nothing.
CU
thl
More information about the fedora-extras-list
mailing list