Packaging 3-rd party repositories in rpmfusion

Alec Leamas leamas.alec at
Mon Feb 3 13:07:45 CET 2014

On 2/3/14, Xavier Bachelot <xavier at> wrote:
> On 02/03/2014 10:52 AM, Hans de Goede wrote:
>> Hi,
>> On 02/03/2014 02:14 AM, Ralf Corsepius wrote:
>>> [2nd attempt to answer to this. My initial response from quite a while
>>> ago seems to have gone lost.]
>>> On 01/29/2014 12:12 PM, Alec Leamas wrote:
>>>> Formally, this is about review request 3152 for dropbox-repo [1]. From
>>>> a more practical POV, it's about users being able to install software
>>>> like dropbox more or less "out of the box", an area where I think we
>>>> really need to improve (as can be seen in all those "Fedora XX post
>>>> installation guide" out there).
>>>> To handle this, my simple proposal is that we handle packaged yum
>>>> repositories like this:
>>>> - It's ok to package yum repositories listed in [4].
>>>> - If anyone wants to change the list in [4] this should be announced
>>>> here on rpmfusion-devel, and not done until we agree on it (similar to
>>>> how we handle bundling exceptions).
>>>> Thoughts, out there?
>>> All in all, I am not OK with rpmfusion shipping other party's repos,
>>> because such repos are out of Fedora's/Rpmfusion's control/influence.
>>> They open up an arbitrary amount of opportunities for these 3rd
>>> parties to break, corrupt and damage Fedora installations (Package
>>> conflicts, low quality packages, malware, spyware,
>>> intruded/dead/broken 3rd party servers, etc), without Fedora/RPMfusion
>>> being able to do anything against it.

No one is arguing for "an arbitrary amount of opportunities", at least
not I. My overall idea is still that the overall rule should be that
external repo packaging is forbidden. But, like for bundling, there
should be exceptions.

>>> In other words, I'd recommend not doing so, because you guys are
>>> likely to be facing very tough times in cases something goes wrong
>>> with these "endorsed 3rd party repos".
>> +1
>> Regards,
>> Hans

This is a valid concern, although I don't think it should be enough to
block any packaging attempt.

We could change things so that the files are shipped in /usr/whatever
and only "activated", i.e., copied to /etc/yum.repos.d after some
kind of dialog where user accepts this (perhaps with a warning text
like above). Would this improve the situation?

> I'm in agreement with Ralf too.
> imho, one of the biggest "selling points" for repositories like RPM
> Fusion is the insurance the Fedora packaging guidelines are enforced and
> thus the packages will integrate properly with the remainder of the
> ecosystem.
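
The "ship inactive, copy to /etc/yum.repos.d only after the user accepts" idea from the message above, sketched as an added example that is not part of the original email or of any RPM Fusion package. The function names, the warning wording and the staging path are hypothetical, and the refusal of repo files without gpgcheck=1 and a gpgkey is an extra assumption the thread does not discuss.

```shell
#!/bin/sh
# Added example. Function names, paths and warning wording are hypothetical.

# repo_file_is_signed FILE
# Succeeds only if every [section] sets gpgcheck=1 and names a gpgkey.
# Line-count heuristic, adequate for the short files a -repo package ships.
repo_file_is_signed() {
    [ -f "$1" ] || return 1
    sections=$(grep -c '^\[' "$1" || true)
    checked=$(grep -c '^gpgcheck[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" || true)
    keys=$(grep -c '^gpgkey[[:space:]]*=[[:space:]]*[^[:space:]]' "$1" || true)
    [ "$sections" -ge 1 ] && [ "$checked" -eq "$sections" ] && [ "$keys" -eq "$sections" ]
}

# activate_repo STAGED_FILE TARGET_DIR ANSWER
# Exit status: 0 copied, 1 user declined, 2 file rejected, 3 copy failed.
activate_repo() {
    repo_file_is_signed "$1" || return 2
    case $3 in
        yes|Yes|YES) ;;          # only an explicit "yes" counts as consent
        *) return 1 ;;
    esac
    install -m 0644 "$1" "$2/" || return 3
}

# Interactive wrapper: show the warning, read the answer, then activate.
prompt_and_activate() {
    printf '%s\n' \
        "This enables a repository that is not controlled by Fedora or RPM Fusion." \
        "Its packages are not reviewed against the Fedora packaging guidelines."
    printf 'Enable %s? Type "yes" to continue: ' "$(basename "$1")"
    read -r answer
    activate_repo "$1" "${2:-/etc/yum.repos.d}" "$answer"
}

# Usage (as root): script /usr/share/<package>/<name>.repo
if [ $# -ge 1 ]; then
    prompt_and_activate "$@"
fi
```

Until the copy happens, yum never reads the staged file, so installing the package alone changes nothing about which repositories the system trusts.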
