On 2/3/14, Ankur Sinha <sanjay.ankur(a)gmail.com> wrote:
[cut]
One concern is that some of the rpms that third parties provide do
ship
their own repo files. So, after the user installs a package, he might
end up with two repo files? We'll have to use proper conflicts in the
specs. What about GPG keys? (The adobe-release package ships a repo file
and a GPG key.)
There are already examples in system-config-repo usptream [ยก] dealing
with the situation when the repo file is already in place. See e. g.,
the adobe example in the non-free respo (devel branch)
If we do go down this path, I'd also suggest that we include a
README
file with each such package that clearly states:
- this is only a repo file
- it just points you to the repository hosted by the third party
- you're getting the software directly from the vendors repository
- it is only for convenience
- we cannot support bug/feature requests; they go upstream (or wherever)
- the source code of this software is not available. Please use at your
own risk, i.e., you trust the developer.
Perhaps. Or force user to accept use of the repo prior to usage. See
my previous reply to Hans and Ralph.
Lastly, we may need to speak to the third party devs and confirm if
it's
OK to ship their repo files in the first place?
Don't think this is a concern. Normally, there is an upstream manual
howto describing how to create this file, and if we automate this that
should not be an issue. If they offer public access to their repo that
should be enough IMHO.
Cheers!
--alec
[1]
https://github.com/leamas/system-config-repo