clement is a yum repository?
Jesse Keating
jkeating at redhat.com
Thu Dec 21 21:48:46 UTC 2006
On Thursday 21 December 2006 16:41, Jean-Marc Pigeon wrote:
> I am afraid saying "repos.d" is out of reach is too
> self-centric. As Fedora cycle are very short this will
> imply Fedora can't be use to run a real application server.
> Sharing my feeling...
The problem lies in dropping a repo that points to a location that Fedora
doesn't control. We can't protect against that location being compromised
and start sending out trojaned binaries to those who enable the repo. This
is the same reason why 'live updates' of software apps are discouraged, again
locations that Fedora doesn't control. For this reason alone I would
discourage and vote against allowing any package to drop another repo in
place, that wasn't a Fedora controlled repo.
--
Jesse Keating
Release Engineer: Fedora
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20061221/d066bd9c/attachment.sig>
More information about the fedora-extras-list
mailing list