On Wed, May 23, 2012 at 2:12 AM, Markus Falb markus.falb@fasel.at wrote:
There are a lot of 3rd party repositories around, and my understanding is that the only sane way is not to trust a whole repository but only selected and therefore tested packages. Consequently though you will have to maintain your own repository.
But with EPEL and others with policies to not overwrite base packages, you won't get anything that you didn't explicitly install (assuming you trust them to follow their policy...).
There are repositories that might not have such policies. There are rpm downloads that are not yum-ified.
Agreed - and the most likely source of conflicts is when you have installed packages from 2 different 3rd party repositories or unrelated sources. Normally any single source will test against a stock RHEL base, but not other 3rd party packages, and when package dependencies change in future updates you have the potential for conflicts. Not even copying packages to your own repository can ensure that packages from multiple different sources will be able to track future updates without conflicts.
But, EPEL is fairly safe by itself and has a huge number of packages that are maintained pretty well.