[CentOS-devel] including 3rd party repo release RPMs in Extras

Mon Mar 30 18:37:32 UTC 2015
Carl George <carl.george at RACKSPACE.COM>

Thanks everyone for the feedback so far.

Considering centosplus and other repos that replace packages directly (same name), I can modify the proposal to accommodate.  The biggest issues with this style of repo is that users typically blindly enable them, despite guidelines to the contrary from the repo maintainer.  I can change the proposal to state that this style of repo is allowed, but must be disabled, with comments about why it is disabled.  This may help prevent some users from blindly enabling it without understanding the consequences.

How does this phrasing work for yall?

* If the repository has the potential to replace stock packages when `yum update` is run, it must be disabled by default.
* If the repository is disabled by default, comments must be included in the repo file to explain why.

Carl George
Rackspace RPM Development

________________________________________
From: centos-devel-bounces at centos.org <centos-devel-bounces at centos.org> on behalf of Peter <peter at pajamian.dhs.org>
Sent: Saturday, March 28, 2015 10:40 PM
To: centos-devel at centos.org
Subject: Re: [CentOS-devel] including 3rd party repo release RPMs in Extras

On 03/29/2015 09:32 AM, Carl George wrote:
> https://gist.github.com/cgtx/b854281462a18007f509
>
> If this looks familiar, it's because I used the IUS SafeRepo
> Initiative as a starting point.  Please share your feedback and
> ideas.

Sure:

> Must not have the same name as a stock distribution package.

> Must not automatically install, upgrade, or replace stock
> distribution packages when the repository is enabled.

How do the above two rules affect a repository that is not enabled by
default but would end up replacing stock packages if it is enabled by
the user?  As an example, this would happen with CentOS's own centosplus
repository which is included in the centos-release package.

What about a 3rd-party group that distributes a .repo file with one repo
that is enabled by default which is intended (by policy) to not replace
stock packages, and another that comes disabled with explicit
instructions on how to enable it and use it (more or less) safely, the
latter being intended to replace stock packages?


Peter
_______________________________________________
CentOS-devel mailing list
CentOS-devel at centos.org
http://lists.centos.org/mailman/listinfo/centos-devel


Carl George
Rackspace RPM Development

________________________________________
From: centos-devel-bounces at centos.org <centos-devel-bounces at centos.org> on behalf of Peter <peter at pajamian.dhs.org>
Sent: Saturday, March 28, 2015 10:40 PM
To: centos-devel at centos.org
Subject: Re: [CentOS-devel] including 3rd party repo release RPMs in Extras

On 03/29/2015 09:32 AM, Carl George wrote:
> https://gist.github.com/cgtx/b854281462a18007f509
>
> If this looks familiar, it's because I used the IUS SafeRepo
> Initiative as a starting point.  Please share your feedback and
> ideas.

Sure:

> Must not have the same name as a stock distribution package.

> Must not automatically install, upgrade, or replace stock
> distribution packages when the repository is enabled.

How do the above two rules affect a repository that is not enabled by
default but would end up replacing stock packages if it is enabled by
the user?  As an example, this would happen with CentOS's own centosplus
repository which is included in the centos-release package.

What about a 3rd-party group that distributes a .repo file with one repo
that is enabled by default which is intended (by policy) to not replace
stock packages, and another that comes disabled with explicit
instructions on how to enable it and use it (more or less) safely, the
latter being intended to replace stock packages?


Peter
_______________________________________________
CentOS-devel mailing list
CentOS-devel at centos.org
http://lists.centos.org/mailman/listinfo/centos-devel