On 02/03/2014 11:04 PM, Alec Leamas wrote:
On 2/3/14, Hans de Goede <j.w.r.degoede(a)gmail.com> wrote:
> On 02/03/2014 10:03 PM, Thorsten Leemhuis wrote:
>> On 03.02.2014 10:52, Hans de Goede wrote:
>>> On 02/03/2014 02:14 AM, Ralf Corsepius wrote: [...]
>>>> In other words, I'd recommend not doing so, because you guys are
>>>> likely to be facing very tough times in cases something goes
>>>> wrong with these "endorsed 3rd party repos".
>> RPM Fusion is something most Fedora users will enable, so IMHO it's
>> the ideal place to give users something at hand to reach software that
>> can't be in Fedora or RPM Fusion for various reasons - flash
>> for example.
On a sidenote, flash is already available as lpf-flash-plugin. But
that's another story.
>> Packages with repo files otoh might not be best way. I guess the best
>> way forward would be a small app that points out the risks and
>> explains that RPM Fusion is not responsible for content from other
>> repos; if the users ACKs that let the app put repo file in place.
>> Just my 2 cent because I always wanted something like the above. Ohh,
>> and because my name came up recently in this discussion, as one of
>> those that was (is?) considered to be on the (inactive) RPM Fusion
>> steering committee. Might be wise to set up a new one. I'm fine if
>> those that are most active simply organize something and put it in
>> place, you have my blessing. If that's not enough: if you want an
>> official vote or something else from me just let me know when and
>> where to give what's needed ;-)
> +1 to all of the above, I too am fine with some app to enable
> additional repos or some such, I just don't like any form of
> "yum install" automatically enabling new out of our control
+1 also from me. I'll update system-config-repo to handle packaged
repos in a way forcing user to confirm the actual copying to
/etc/yum.repos.d before it's done. Shouldn't be a big deal, I've had
it in mind while hacking it up.
To clarify, this means that also I agree on that some magic enabling
of an external repo just by installing a package isn't really a good
+1 for system-config-repo, user interaction is much better than silent
enablement of repositories on package installation. I would just like a
feature to remove all packages coming from a given repo when it is
disabled by the user, in order not to leave installed packages that will
not receive (security) updates anymore.
Also, iirc, some repos are providing packages with known security flaws.
While some users might need these repo/software for good or bad reasons,
they should be warned to be extra careful. I'm thinking of AcrobatReader
here, but there might be others.
Unless there is more input in this thread I will update
system-config repo and make corresponding changes to my review
request. Then we'll see if someone has the nerves to actually do the
Thanks for all input!