On Tue, Jul 8, 2008 at 9:50 AM, Johnny Hughes <jhughes@hughesjr.com> wrote:
Axel Thimm wrote:
On Mon, Jul 07, 2008 at 04:20:30PM -0600, Kenneth Burgener wrote:
On 7/7/2008 2:26 PM, Scott Silva wrote:
on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
"The CentOS 5/RHEL 5 repository from atrpms.net is safe to use, if you only use the stable version. Packages in there do not overwrite system packages." [1]

[1] http://wiki.centos.org/AdditionalResources/Repositories/
You need to use the priorities plugin if you are going to use 3rd party repos. There is no other safe way about it.

Using client side filtering is not recommended, it creates more bugs,
than it can solve. The proper thing is to take care of it on the
server side, where the package owners are supposed to know how to
structure the repos.

Client filtering is not recommended by some people ... but highly recommended by others :-D

I would be one of the highly recommended votes

If you want to protect your box, use priorities, as Johnny and many others here recommend.. Nobody else is going to protect your box for you. You set the priorities and you protect it. To be polite, I believe the 4 line blurb above, about  client side filtering is B.S. It is your box, it is your job to protect your box.  Do not trust anyone else to protect  your box, whether it is security related or related to repos for packages.