[CentOS-docs] Pull Request wiki.c.o/AdditionalResources/Repositories

Thu Jan 15 00:27:02 UTC 2015
PatrickD Garvey <patrickdgarveyt at gmail.com>

On Wed, Jan 14, 2015 at 3:51 PM, Trevor Hemsley
<trevor.hemsley at ntlworld.com> wrote:
> On 14/01/15 23:38, PatrickD Garvey wrote:
>> On Wed, Jan 14, 2015 at 3:26 PM, John R. Dennison <jrd at gerdesas.com> wrote:
>>> On Wed, Jan 14, 2015 at 03:09:01PM -0800, PatrickD Garvey wrote:
>>>> Proposal:
>>>> The Third Party Repositories section should not list any other repositories,
>>>> but should only note there are difficulties in making several independent
>>>> repositories safely usable and give a thorough explaination of what has happened
>>>> in the past without naming names.
>>> You are looking for problems to fix where there are none.  The overall state of
>>> that page is and has been fine for many years.  EL requires external third-
>>> party repos.  It has always been this way and it will always continue to
>>> be the case.  Your proposal to remove the listings that are there now
>>> serves no one and will only create more of a support burden on the
>>> people that are volunteering their time.
>>>                                                         John
>> I view your comments as an opportunity to understand an experience I
>> have yet to have. Please share which repository you use and how it
>> depends upon CentOS and how the CentOS community depends upon it.
>> I view the entire FLOSS community as interdependent. I hope to make
>> this page an asset for that interdependence. That's why I worked on
>> the link rot.
>> Karanbir seems to feel that certain phrases in the page unduly favor
>> some of the repositories and that requires an objective evaluation.
>> Please help us (me, especially) understand what we may be doing to the
>> detriment of your use of CentOS and thereby avoid that negative
>> result.
> That page is balance between coming right out and saying "This, that and
> the other repo eat babies and destroy systems, do not use them" without
> actually coming right out and saying that. There are repos that Do the
> Right Thing (tm) and do not blindly overwrite core packages from the
> CentOS repos. There are others that do. Some of the repos that overwrite
> core packages do so with little packages like sqlite (yum uses sqlite so
> changing the version of it is not a Good Thing for system stabilty).
> Other repos in that list have been effectively unmaintained for a number
> of years so they contain packages that may have severe unfixed security
> vulnerabilities.
> Now as far as the term "Community Approved" goes: I think it's fairly
> accurate and I'm not sure what the objection to it was. We have to have
> a way to say "These repos are ok" and "these suck" and "these suck worse
> than that". The way the page reads at the moment seems to me to strike a
> good balance between providing useful information and avoiding libel!
> Trevor

Thank you.

My understanding is the term "Community Approved" was a summation of opinions,
not an objectively measurable attribute and Karanbir wanted something
more objective.

I was trying to get us out of continually evaluating other repositories. How do
you choose which to add to the lists on the page? How do you even know
what exists
that may need to be added to the page? As it stands the list is a result of
experiences with several repositories. OK. Do we wait for an adverse experience
before we add another? Or do we give a good understanding how one evaluates a
repository and leave it up to the individual to make that evaluation and live
with the consequence?

In my experience with large corporations trying to work this out, it
was considered
best practice to support the positive and ignore the negative.
Customers are responsible
for their own choices. Positive guidance on how to select a good
solution can leverage
the qualities of your own product and not incur liabilities for
contestable, even if
legitimate, criticisms of particular alternatives. Saying "these suck"
and "these suck
worse" makes one liable for that opinion, even if one has an objective
technique for
that evaluation.

CentOS has some ways to bless the work of others, SIGs and spins. Join
us and we won't
just praise your work, we'll help it evolve.

Again, I'm looking for an understanding of your experience. This is
what I have learned to
this point. Let's move forward, even if that means leaving the article
as it is now.