half baked idea for further baking: "fedora-ugly" repo
Matthew Miller
mattdm at fedoraproject.org
Tue Feb 11 18:35:45 UTC 2014
On Tue, Feb 11, 2014 at 03:04:12PM +0100, Tadej Janež wrote:
> Generally, a big +1 from me for the idea.
[still tired from travel. longer reply later. deleting all of message
except the one point I want to respond to now...]
> I think we should define a small core policy (e.g. non-conflicting with
> packages in Fedora's main repo, no over-riding of packages in Fedora's
> main repo, licenses compatible with Fedora) and have an automated way to
> check and enforce it. Having a manual review process would unnecessarily
> slow the process of populating this repository.
I'm afraid that this becomes an easy route for malware into the distribution
if we don't have a human check. Obviously that can't be perfect either but
it raises the bar significantly.
--
Matthew Miller -- Fedora Project -- <mattdm at fedoraproject.org>
More information about the env-and-stacks
mailing list