[Bug 226377] Merge Review: rpm

[Jesse Keating]

On Fri, 24 Aug 2007 19:46:48 +0200
Axel Thimm <Axel.Thimm at ATrpms.net> wrote:

> That sounds more like using the tarball though. If a software's use is
> only restricted to looking onto it in a chroot or perform limited
> operation with is as to not shoot away the rest of the system it
> should not be a yum install bomb away from your fingertipps (well, not
> your, but the users')

Again, if it is made to live completely outside the range of the system
yum and not to interact at all with any thing that uses rpmlib, how can
it "bomb" your system?  The value would be that it's pre-compiled for
our distro, it passes our guidelines for packaging quality, and given
our constraints people can be confident that using rpm5 to play around
with that fork won't "bomb" their system as it's being forced to be
sufficiently walled off from the rest of the system.  Just chucking a
tarball at people or forcing it to live in some other repo is just
invitation to have it be actively hostile toward your system should you
install it, or fail to get the compile flags right, or whatever else.

Having it in the distro I think is a lot more protection than keeping
it out.  At least this way we can dictate how it interacts and can tell
people that if they want to play with rpm5 it's already in and they
don't have to muck with compiling it themselves or getting otherwise
unchecked quality builds and ruining their system.

(and this is all technical discussion, not a single thought to the
political in this reply)

-- 
Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/advisory-board/attachments/20070824/4bfa89de/attachment.bin