[Bug 226377] Merge Review: rpm

Tom "spot" Callaway tcallawa at redhat.com
Fri Aug 24 18:04:14 UTC 2007


On Fri, 2007-08-24 at 13:52 -0400, Jesse Keating wrote:
> On Fri, 24 Aug 2007 19:46:48 +0200
> Axel Thimm <Axel.Thimm at ATrpms.net> wrote:
> 
> > That sounds more like using the tarball though. If a software's use is
> > only restricted to looking at it in a chroot or performing limited
> > operations with it so as not to shoot away the rest of the system, it
> > should not be a yum install bomb away from your fingertips (well, not
> > yours, but the users')
> 
> Again, if it is made to live completely outside the range of the system
> yum and not to interact at all with anything that uses rpmlib, how can
> it "bomb" your system?  The value would be that it's pre-compiled for
> our distro, it passes our guidelines for packaging quality, and given
> our constraints people can be confident that using rpm5 to play around
> with that fork won't "bomb" their system as it's being forced to be
> sufficiently walled off from the rest of the system.  Just chucking a
> tarball at people or forcing it to live in some other repo is just
> invitation to have it be actively hostile toward your system should you
> install it, or fail to get the compile flags right, or whatever else.

Even with a separate database, it will overwrite the files on the system
when rpm5 does an install/update transaction, and the rpm.org db (the
system database) will not reflect these changes.

BOOM.

~spot
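The failure spot describes, modelled as an added example (not code from this thread or from rpm): two independent package databases writing into one shared filesystem, plus an `rpm -V`-style digest check that shows the system database can no longer vouch for the files on disk. The `PackageDB` class, the package names and the file contents are all constructed for the illustration.

```python
import hashlib


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class PackageDB:
    """Minimal stand-in for an rpm database: package -> {path: recorded digest}."""

    def __init__(self, name: str):
        self.name = name
        self.packages: dict[str, dict[str, str]] = {}

    def install(self, pkg: str, files: dict[str, bytes], fs: dict[str, bytes]):
        # Writes the payload into the shared filesystem, but records it in THIS db only.
        self.packages[pkg] = {}
        for path, data in files.items():
            fs[path] = data
            self.packages[pkg][path] = digest(data)

    def verify(self, fs: dict[str, bytes]) -> list[tuple[str, str]]:
        """Like `rpm -V`: list files whose on-disk digest differs from the recorded one."""
        changed = []
        for pkg, entries in self.packages.items():
            for path, recorded in entries.items():
                if digest(fs.get(path, b"")) != recorded:
                    changed.append((pkg, path))
        return changed


def simulate() -> dict:
    fs: dict[str, bytes] = {}  # constructed: the single root filesystem both tools write to
    system_db = PackageDB("rpm.org")  # the real system database
    rpm5_db = PackageDB("rpm5")       # a separate --dbpath, same filesystem
    system_db.install("foo-1.0", {"/usr/bin/foo": b"foo v1.0"}, fs)
    # An rpm5 update transaction replaces the same path on disk.
    rpm5_db.install("foo-1.1", {"/usr/bin/foo": b"foo v1.1"}, fs)
    return {
        # The system db still claims foo-1.0 but its file no longer matches.
        "system_verify": system_db.verify(fs),
        "rpm5_verify": rpm5_db.verify(fs),
        "system_knows_1.1": "foo-1.1" in system_db.packages,
    }


if __name__ == "__main__":
    print(simulate())
```

Running the system database's verification against the shared tree is the only place the divergence becomes visible; the rpm5 database, having written the file itself, reports nothing wrong.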

More information about the advisory-board mailing list