How and when do updates of apps get into repos?
Kevin Kofler
kevin.kofler at chello.at
Mon Jun 8 14:15:10 UTC 2009
Jussi Lehtola wrote:
> Short answer: don't do it. A badly created RPM can botch your system.
Yes, and upstream RPMs tend to be badly-created. Some hints to recognize
quick&dirty RPMs:
* they try to support every RPM-based distribution under the sun (with the
same binary RPM),
* they are not provided in any sort of repository,
* they are not signed,
* installing them fires up some interactive installation wizard (but if you
only notice it at that point, you may already have gotten yourself into a
mess),
* there's no SRPM, the RPM is built directly from a tarball containing a
specfile,
* the specfile is autogenerated, either entirely or from some .spec.in file.
The more of these are true, the scarier the packaging is!
Kevin Kofler
More information about the users
mailing list