[CentOS] Re: pm-utils - ATrpms updates a system package on the stable branch

Tue Jul 8 18:55:50 UTC 2008
Stephen John Smoogen <smooge at gmail.com>

On Tue, Jul 8, 2008 at 12:42 PM, Axel Thimm <Axel.Thimm at atrpms.net> wrote:
> On Tue, Jul 08, 2008 at 11:33:24AM -0700, Florin Andrei wrote:
>> Johnny Hughes wrote:
>>>
>>> Client filtering is not recommended by some people ... but highly
>>> recommended by others :-D
>>
>> It's a good idea on important systems - but then you shouldn't open
>> those machines to outside repositories anyway.
>>
>> But if you don't do client-side filtering, you're helping the
>> repositories to fix their problems and become cleaner. Everyone benefits
>> in the long run.
>>
>> There is no "one true answer to rule them all" in this case. Use
>> client-side filtering on the machines that must not break under any
>> circumstances. Relax the policy in the other cases. Use common sense.
>
> Just to present an example from Fedora: clamav within Fedora was and
> is considered rather cumbersome packaged and many users turn to 3rd
> party repos to get clamav installed.
>
> If you place a filtering upon them, then some clamav subpackages will
> come from the 3rd party repo and some from Fedora base leading to a
> system that will possibly allow viruses to pass by. So actually the
> filtering will be destabilizing your setup instead of protecting them.
>
> The true answer to this is cooperating/merged repos and we're
> targeting this on rpmrepo.org. Join up and be part of the solution :)

You might want to make some of the mailling lists public for people to
join up on :).



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"