Packaging 3-rd party repositories in rpmfusion

Hans de Goede j.w.r.degoede at gmail.com
Mon Feb 3 10:52:47 CET 2014 

Hi,

On 02/03/2014 02:14 AM, Ralf Corsepius wrote:
> [2nd attempt to answer to this. My initial response from quite a while age seems to have gone lost.]
>
> On 01/29/2014 12:12 PM, Alec Leamas wrote:
>> Formally, this is about review request 3152 for dropbox-repo [1]. From
>> a more practical POV, it's about users being able to install software
>> like dropbox more or less "out of the box", an area where I think we
>> really need to improve (as can be seen in all those "Fedora XX post
>> installation guide" out there).
>>
>> My basic understanding is that current Fedora guidelines needs a
>> interpretation in the rpmfusion context. Those brand new GL for 3-rd
>> party repos are in [2] (discussions in [3]). For now, I think they can
>> be abridged to:
>> - Non-free repos can not be part of Fedora yum configuration.
>> - In some cases free repos can be part of the configuration after
>> FESCO/Fedora legal approval.
>>
>> Now, IMHO this doesn't really make much sense for rpmfusion for three reasons:
>> - rpmfusion does not ban non-free software, it's one of the very
>> reasons it exists.
>> - FESCO/Fedora legal cannot approve anything in rpmfusion.
>> - We already have a list of endorsed 3-rd party repos [4].
>>
>> To handle this, my simple proposal is that we handles packaged yum
>> repositories like this:
>> - It's ok to package yum repositories listed in [4].
>> - If anyone wants to change the list in [4] this should be announced
>> here on rpmfusion-devel, and not done until we agree on it (similar to
>> how we handle bundling exceptions).
>>
>> Thoughts. out there?
>
> All in all, I am not OK with rpmfusion shipping other party's repos, because such repos are out of Fedora's/Rpmfusion's control/influence.
>
> They open up an arbitrary amount of opportunities for these 3rd parties to break, corrupt and damage Fedora installations (Package conflicts, low quality packages, malware, spyware, intruded/dead/broken 3rd party servers, etc), without Fedora/RPMfusion being able to do anything against it.
>
> In other words, I'd recommend not doing so, because you guys are likely to be facing very tough times in cases something goes wrong with these "endorsed 3rd party repos".

+1

Regards,

Hans

More information about the rpmfusion-developers mailing list