PackageKit Misconceptions

[Jeff Spaleta]

On 8/22/07, Owen Taylor <otaylor at redhat.com> wrote:
> So you wouldn't be endorsing Joe Smith's Package Repository at all,

Putting aside the debate of popularity != safety for the time being....

We don't have to "endorse" to run afoul of legal issues. Merely
helping users compile a list of any 3rd party repositories is
potentially off-limits.
Can you point to anything we are doing right now, where we make any
effort at all to comprehensively list 3rd party repositories inside
the official fedora project space.. even in the wiki.. even without
using urls? My understanding is that we aren't even allowed to do
that.

Even a simple list of repository entities, with absolutely no
contextual information concern the quality or scope of their contents,
may be beyond the bounds of what we are allowed to provide. Any
reputation system inherently involves making such a list and then
adding contextual information.  "This repo exists" maybe a statement
that is beyond what we are capable of saying in any official capacity.

-jef"hopes we can implement this, so I can game the system and make my
repository of deliberately malformed packages appear to be safe by
installing 100,000 or so virtual machines and give them all unique
smolt ids and have a bug tracker that reports back zero bugs found
against all queries"spaleta