[CentOS-docs] Pull Request wiki.c.o/AdditionalResources/Repositories

Wed Jan 14 23:51:54 UTC 2015
Trevor Hemsley <trevor.hemsley at ntlworld.com>

On 14/01/15 23:38, PatrickD Garvey wrote:
> On Wed, Jan 14, 2015 at 3:26 PM, John R. Dennison <jrd at gerdesas.com> wrote:
>> On Wed, Jan 14, 2015 at 03:09:01PM -0800, PatrickD Garvey wrote:
>>> Proposal:
>>> The Third Party Repositories section should not list any other repositories,
>>> but should only note there are difficulties in making several independent
>>> repositories safely usable and give a thorough explanation of what has happened
>>> in the past without naming names.
>> You are looking for problems to fix where there are none.  The overall state of
>> that page is and has been fine for many years.  EL requires external third-
>> party repos.  It has always been this way and it will always continue to
>> be the case.  Your proposal to remove the listings that are there now
>> serves no one and will only create more of a support burden on the
>> people that are volunteering their time.
>>
>>                                                         John
> I view your comments as an opportunity to understand an experience I
> have yet to have. Please share which repository you use and how it
> depends upon CentOS and how the CentOS community depends upon it.
>
> I view the entire FLOSS community as interdependent. I hope to make
> this page an asset for that interdependence. That's why I worked on
> the link rot.
>
> Karanbir seems to feel that certain phrases in the page unduly favor
> some of the repositories and that requires an objective evaluation.
>
> Please help us (me, especially) understand what we may be doing to the
> detriment of your use of CentOS and thereby avoid that negative
> result.

That page is a balance between coming right out and saying "This, that and
the other repo eat babies and destroy systems, do not use them" without
actually coming right out and saying that. There are repos that Do the
Right Thing (tm) and do not blindly overwrite core packages from the
CentOS repos. There are others that do. Some of the repos that overwrite
core packages do so with little packages like sqlite (yum uses sqlite so
changing the version of it is not a Good Thing for system stability).
Other repos in that list have been effectively unmaintained for a number
of years so they contain packages that may have severe unfixed security
vulnerabilities.

Now as far as the term "Community Approved" goes: I think it's fairly
accurate and I'm not sure what the objection to it was. We have to have
a way to say "These repos are ok" and "these suck" and "these suck worse
than that". The way the page reads at the moment seems to me to strike a
good balance between providing useful information and avoiding libel!

Trevor