[CentOS] Creating a Centos endorsed 3rd part repo

Fri May 20 16:11:58 UTC 2011
Ljubomir Ljubojevic <office at plnet.rs>

Keith Roberts wrote:
  > OK. I am listening to all your comments. My repo would be
> using dependencies probably from the other centos repos, 
> like ATrpms, remi, EPEL, et al. If they needed any that is.

If you need to rely on other third party repos, and you are set on 
intent to have your own repo, then you will need your own release 
package and you might find necessity to distribute yum configuration 
files for other repositories with priority plugin enabled (like I did 
for my repo) and create security nightmare and distrust of general 
public, or to create installation script like virtualmin/webmin does.

I created the set of release packages and a script that backups current 
set of yum config files and replaces them with config files created for 
particular use.

For example, for use on servers I compiled main centOS repositories 
including CentOS Plus, EPEL, and several of my own repositories. For 
desktop users I added ATrpms, RPMForge and few others like adobe and 
pidgin repositories. But all of those yum config files are created by 
me, not by the repo owners and I have excluded all of the their release 
files including CentOS release files.

I had to create text database file from witch I pull data and create 
sets of yum config files with inserted exclude and priority lines. Other 
option was to change yum config files for those repos by I decided this 
is easiest and safe for the user, but he has to trust that I will not 
redirect him to unsafe site with fake repository. That is why I haven't 
bothered with signing and was satisfied to use my repositories on system 
I maintain.