Packaging 3-rd party repositories in rpmfusion
Alec Leamas
leamas.alec at gmail.com
Mon Feb 3 13:07:45 CET 2014
n 2/3/14, Xavier Bachelot <xavier at bachelot.org> wrote:
> On 02/03/2014 10:52 AM, Hans de Goede wrote:
>> Hi,
>>
>> On 02/03/2014 02:14 AM, Ralf Corsepius wrote:
>>> [2nd attempt to answer to this. My initial response from quite a while
>>> age seems to have gone lost.]
>>>
>>> On 01/29/2014 12:12 PM, Alec Leamas wrote:
>>>> Formally, this is about review request 3152 for dropbox-repo [1]. From
>>>> a more practical POV, it's about users being able to install software
>>>> like dropbox more or less "out of the box", an area where I think we
>>>> really need to improve (as can be seen in all those "Fedora XX post
>>>> installation guide" out there).
>>>>[cut]
>>>>
>>>> To handle this, my simple proposal is that we handles packaged yum
>>>> repositories like this:
>>>> - It's ok to package yum repositories listed in [4].
>>>> - If anyone wants to change the list in [4] this should be announced
>>>> here on rpmfusion-devel, and not done until we agree on it (similar to
>>>> how we handle bundling exceptions).
>>>>
>>>> Thoughts. out there?
>>>
>>> All in all, I am not OK with rpmfusion shipping other party's repos,
>>> because such repos are out of Fedora's/Rpmfusion's control/influence.
>>>
>>> They open up an arbitrary amount of opportunities for these 3rd
>>> parties to break, corrupt and damage Fedora installations (Package
>>> conflicts, low quality packages, malware, spyware,
>>> intruded/dead/broken 3rd party servers, etc), without Fedora/RPMfusion
>>> being able to do anything against it.
Noone is arguing for "an arbitrary amount of opportunities" , at least
not I. My overall idea is still that the overall rule should be that
external repo packaging is forbidden. But, like for bundling, there
should be exceptions.
>>> In other words, I'd recommend not doing so, because you guys are
>>> likely to be facing very tough times in cases something goes wrong
>>> with these "endorsed 3rd party repos".
>>
>> +1
>>
>> Regards,
>>
>> Hans
This is a valid concern, although I don't think it should be enough to
block any packaging attempt.
We could change things so that the files are shipped in /usr/whatever
and only "activated" i. e., copied to /etc/yum.repos.d after some
kind of dialog where user accepts this (perhaps with a warning text
like above). Would this improve the situation?
> I'm in agreement with Ralf too.
> imho, one of the biggest "selling point" for repositories like RPM
> Fusion is the insurance the Fedora packaging guidelines are enforced and
> thus the packages will integrate properly with the remaining of the
> ecosystem.
[cut]
More information about the rpmfusion-developers
mailing list