half baked idea for further baking: "fedora-ugly" repo

Matthew Miller mattdm at fedoraproject.org
Tue Feb 11 18:35:45 UTC 2014


On Tue, Feb 11, 2014 at 03:04:12PM +0100, Tadej Jane┼ż wrote:
> Generally, a big +1 from me for the idea.
[still tired from travel. longer reply later. deleting all of message
except the one point I want to respond to now...]

> I think we should define a small core policy (e.g. non-conflicting with
> packages in Fedora's main repo, no over-riding of packages in Fedora's
> main repo, licenses compatible with Fedora) and have an automated way to
> check and enforce it. Having a manual review process would unnecessarily
> slow the process of populating this repository.

I'm afraid that this becomes an easy route for malware into the distribution
if we don't have a human check. Obviously that can't be perfect either but
it raises the bar significantly.

-- 
Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>


More information about the env-and-stacks mailing list