Thanks everyone for the feedback so far. Considering centosplus and other repos that replace packages directly (same name), I can modify the proposal to accommodate. The biggest issues with this style of repo is that users typically blindly enable them, despite guidelines to the contrary from the repo maintainer. I can change the proposal to state that this style of repo is allowed, but must be disabled, with comments about why it is disabled. This may help prevent some users from blindly enabling it without understanding the consequences. How does this phrasing work for yall? * If the repository has the potential to replace stock packages when `yum update` is run, it must be disabled by default. * If the repository is disabled by default, comments must be included in the repo file to explain why. Carl George Rackspace RPM Development ________________________________________ From: centos-devel-bounces at centos.org <centos-devel-bounces at centos.org> on behalf of Peter <peter at pajamian.dhs.org> Sent: Saturday, March 28, 2015 10:40 PM To: centos-devel at centos.org Subject: Re: [CentOS-devel] including 3rd party repo release RPMs in Extras On 03/29/2015 09:32 AM, Carl George wrote: > https://gist.github.com/cgtx/b854281462a18007f509 > > If this looks familiar, it's because I used the IUS SafeRepo > Initiative as a starting point. Please share your feedback and > ideas. Sure: > Must not have the same name as a stock distribution package. > Must not automatically install, upgrade, or replace stock > distribution packages when the repository is enabled. How do the above two rules affect a repository that is not enabled by default but would end up replacing stock packages if it is enabled by the user? As an example, this would happen with CentOS's own centosplus repository which is included in the centos-release package. What about a 3rd-party group that distributes a .repo file with one repo that is enabled by default which is intended (by policy) to not replace stock packages, and another that comes disabled with explicit instructions on how to enable it and use it (more or less) safely, the latter being intended to replace stock packages? Peter _______________________________________________ CentOS-devel mailing list CentOS-devel at centos.org http://lists.centos.org/mailman/listinfo/centos-devel Carl George Rackspace RPM Development ________________________________________ From: centos-devel-bounces at centos.org <centos-devel-bounces at centos.org> on behalf of Peter <peter at pajamian.dhs.org> Sent: Saturday, March 28, 2015 10:40 PM To: centos-devel at centos.org Subject: Re: [CentOS-devel] including 3rd party repo release RPMs in Extras On 03/29/2015 09:32 AM, Carl George wrote: > https://gist.github.com/cgtx/b854281462a18007f509 > > If this looks familiar, it's because I used the IUS SafeRepo > Initiative as a starting point. Please share your feedback and > ideas. Sure: > Must not have the same name as a stock distribution package. > Must not automatically install, upgrade, or replace stock > distribution packages when the repository is enabled. How do the above two rules affect a repository that is not enabled by default but would end up replacing stock packages if it is enabled by the user? As an example, this would happen with CentOS's own centosplus repository which is included in the centos-release package. What about a 3rd-party group that distributes a .repo file with one repo that is enabled by default which is intended (by policy) to not replace stock packages, and another that comes disabled with explicit instructions on how to enable it and use it (more or less) safely, the latter being intended to replace stock packages? Peter _______________________________________________ CentOS-devel mailing list CentOS-devel at centos.org http://lists.centos.org/mailman/listinfo/centos-devel