clement is a yum repository?
Jean-Marc Pigeon
jmp at safe.ca
Thu Dec 21 22:04:36 UTC 2006
On Thu, 2006-12-21 at 23:59 +0200, Ville Skyttä wrote:
> On Thu, 2006-12-21 at 16:48 -0500, Jesse Keating wrote:
> > On Thursday 21 December 2006 16:41, Jean-Marc Pigeon wrote:
> > > I am afraid saying "repos.d" is out of reach is too
> > > self-centric. As Fedora cycle are very short this will
> > > imply Fedora can't be use to run a real application server.
> > > Sharing my feeling...
> >
> > The problem lies in dropping a repo that points to a location that Fedora
> > doesn't control. We can't protect against that location being compromised
> > and start sending out trojaned binaries to those who enable the repo. This
> > is the same reason why 'live updates' of software apps are discouraged, again
> > locations that Fedora doesn't control. For this reason alone I would
> > discourage and vote against allowing any package to drop another repo in
> > place, that wasn't a Fedora controlled repo.
>
> Seconded. IMO, if you want to include a *.repo file, include it with
> %doc in the package's documentation dir, not in place (not even if
> disabled by default).
>
Ok... Please could you tell us more?
More information about the fedora-extras-list
mailing list