On Tue, Jul 08, 2008 at 12:17:58PM -0500, Lanny Marcus wrote:
> On Tue, Jul 8, 2008 at 9:50 AM, Johnny Hughes <
jhughes@hughesjr.com> wrote:
>
> > Axel Thimm wrote:
> >
> >> On Mon, Jul 07, 2008 at 04:20:30PM -0600, Kenneth Burgener wrote:
> >>
> >>> On 7/7/2008 2:26 PM, Scott Silva wrote:
> >>>
> >>>> on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
> >>>>
> >>>>> "The CentOS 5/RHEL 5 repository from
atrpms.net is safe to use, if you
> >>>>> only use the stable version. Packages in there do not overwrite system
> >>>>> packages." [1]
> >>>>>
> >>>>> [1]
http://wiki.centos.org/AdditionalResources/Repositories/
> >>>>>
> >>>> You need to use the priorities plugin if you are going to use 3rd party
> >>>> repos. There is no other safe way about it.
> >>>>
> >>>
> >> Using client side filtering is not recommended, it creates more bugs,
> >> than it can solve. The proper thing is to take care of it on the
> >> server side, where the package owners are supposed to know how to
> >> structure the repos.
> >>
> >
> > Client filtering is not recommended by some people ... but highly
> > recommended by others :-D
> >
> > I would be one of the highly recommended votes
> >
>
> If you want to protect your box, use priorities, as Johnny and many
> others here recommend.. Nobody else is going to protect your box for
> you. You set the priorities and you protect it. To be polite, I
> believe the 4 line blurb above, about client side filtering is
> B.S. It is your box, it is your job to protect your box. Do not
> trust anyone else to protect your box, whether it is security
> related or related to repos for packages.