[CentOS] Re: pm-utils - ATrpms updates a system package on the stable branch

Tue Jul 8 17:17:58 UTC 2008
Lanny Marcus <lmmailinglists at gmail.com>

On Tue, Jul 8, 2008 at 9:50 AM, Johnny Hughes <jhughes at hughesjr.com> wrote:

> Axel Thimm wrote:
>
>> On Mon, Jul 07, 2008 at 04:20:30PM -0600, Kenneth Burgener wrote:
>>
>>> On 7/7/2008 2:26 PM, Scott Silva wrote:
>>>
>>>> on 7-7-2008 12:45 PM Kenneth Burgener spake the following:
>>>>
>>>>> "The CentOS 5/RHEL 5 repository from atrpms.net is safe to use, if you
>>>>> only use the stable version. Packages in there do not overwrite system
>>>>> packages." [1]
>>>>>
>>>>> [1] http://wiki.centos.org/AdditionalResources/Repositories/
>>>>>
>>>> You need to use the priorities plugin if you are going to use 3rd party
>>>> repos. There is no other safe way about it.
>>>>
>>>
>> Using client side filtering is not recommended, it creates more bugs,
>> than it can solve. The proper thing is to take care of it on the
>> server side, where the package owners are supposed to know how to
>> structure the repos.
>>
>
> Client filtering is not recommended by some people ... but highly
> recommended by others :-D
>
> I would be one of the highly recommended votes
>

If you want to protect your box, use priorities, as Johnny and many others
here recommend.. Nobody else is going to protect your box for you. You set
the priorities and you protect it. To be polite, I believe the 4 line blurb
above, about  client side filtering is B.S. It is your box, it is your job
to protect your box.  Do not trust anyone else to protect  your box, whether
it is security related or related to repos for packages.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080708/55374394/attachment-0005.html>