"File Type" Buddy for Fedora 9?
David Timms
dtimms at iinet.net.au
Tue Nov 13 12:07:26 UTC 2007
Andrew Parker wrote:
> repositories (a la yum) for the database. then files that couldn't be
> opened by fedora rpms could be provided by other "repos".
This would open fedora to all types of security problems because the
fedoraproject is not able to control/vet/modify external repos - and
hence this capability is specifically disallowed in the fedora packaging
process.
Having the current setup where a user goes to a web site, installs a
x-release rpm, and then needs to accepting import of the repo's signing
key means that it is the user who needs to decide whether they can trust
repo x {which could do _anything_ on their machine}.
DaveT.
More information about the fedora-devel-list
mailing list