On Mon, 2007-01-08 at 06:20 +0900, John Summerfield wrote: > Stephen John Smoogen wrote: > > On 1/7/07, John Summerfield <debian at herakles.homelinux.org> wrote: > > > >> Fabian Arrotin wrote: > >> > On Fri, 2007-01-05 at 15:10 -0500, David A. Woyciesjes wrote: > >> > > >> >> A bit of a new guy around these parts... > >> >> > >> >> I've done a bit of looking, and haven't found any newbie-friendly > >> >>instructions on how to add the Dag repository to my CentOS4 box. Could > >> >>somebody help me out and point me in the right direction? Thanks... > >> >> > >> > > >> > Have searched on the wiki ? : > >> > http://wiki.centos.org/Repositories/RPMForge > >> > > >> > >> > >> Some time ago, when I was using Debian/Woody, and Woody was creaking > >> with age, I added third-party repos for various things including newer > >> KDE, Mozilla.... > >> > >> It later occurred to me this was imprudent, and not just because I got a > >> system that became hard to maintain. What, I asked, was there to prevent > >> the maintainers of the KDE debs to insert a brummy kernel? > >> > >> I asked, and the answer is that apt-get has the ability to control (it's > >> called pinning) what comes from where. > >> > > > > You can install the yum-protectbase rpm as a starter. You then say > > "protect the rpms in this base". Someone could write a more > > complicated one (per package protection), or they could write another > > plugin that did weighting so you could select which archives have > > precedence over others. > > In the interests of security, this needs to be made standard behaviour, > with the standard repos protected. > > A more likely example than mine someone polluting their repos with good > intent. For examile, Ximian (We can do Gnome better than Red Hat can), > or someone packaging content management software (eg phpgroupware, > egroupware, ezpublish [ez.no]) and providing "everything you need." > > Their package for RHEL requires PHP5 & MySQL 5, so they just pop PHP5 & > MySQL5 into the repo "for your greater convenience." This is available already. There is yum-plugin-priorities. You can set a priority from 1-99 on each repository ... and also use "exclude=" and "includepkgs=" inside each repository to pinpoint control of where each individual package comes from. See: http://wiki.centos.org/PackageManagement/Yum Links off that page for Priorities, Fastestmirror, and Protectbase. (You should choose EITHER protectbase or priorities ... I use priorities). All those plugins are easily installable ... set plugins=1 in /etc/yum.conf and then modify the /etc/yum.repos.d/*.repo file to your liking. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20070108/b81e70e4/attachment-0005.sig>