ESR: Goodbye Fedora
Sam Varshavchik
mrsam at courier-mta.com
Thu Feb 22 01:31:36 UTC 2007
M. Fioretti writes:
>> There's no technical reason why an rpm file cannot include the URL of any
>> repositories that provide packages any needed dependencies, together with
>> the repositories' keys.
>
> I like the concept, but for some reason which I can't point out before
> sleeping I have the _feeling_ that there is some practical reason why
> this wouldn't work in real life. But maybe I'm just sleepy.
I've thought about this -- there is one situation where this model breaks
down. This model depends on everyone using different package names. If two
repos build a different package and use the same name for both of them, this
model is going to break down.
It is necessary to have some measure of self-discipline here, and people
need to keep within their own boundaries, and not stick their nose where it
doesn't belong. But I do not believe that it is a big concern. People
running third party repos right now already exhibit discipline. Everyone
else depends on them, and basically gives them carte-blanche to install
arbitrary software on their own machines. That's a lot of trust, and, over
the past couple of years we didn't really have many instances of this trust
being abused.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20070221/85197cc0/attachment-0002.bin
More information about the users
mailing list