How and when do updates of apps get into repos?

Kevin Kofler kevin.kofler at chello.at
Mon Jun 8 14:15:10 UTC 2009


Jussi Lehtola wrote:
> Short answer: don't do it. A badly created RPM can botch your system.

Yes, and upstream RPMs tend to be badly-created. Some hints to recognize
quick&dirty RPMs:
* they try to support every RPM-based distribution under the sun (with the
same binary RPM),
* they are not provided in any sort of repository,
* they are not signed,
* installing them fires up some interactive installation wizard (but if you
only notice it at that point, you may already have gotten yourself into a
mess),
* there's no SRPM, the RPM is built directly from a tarball containing a
specfile,
* the specfile is autogenerated, either entirely or from some .spec.in file.
The more of these are true, the scarier the packaging is!

        Kevin Kofler
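
Two of the hints above (the package is not signed, installing it starts an interactive wizard) can be checked on a downloaded file before it is installed. The script below is an added example, not part of the original post; the function names, the keyword list and the sample scriptlet text are assumptions, and "signed" here only means a signature tag is present, while `rpm -K` does the actual verification.

```shell
#!/bin/sh
# Added example (not from the original post): triage a downloaded RPM
# before installing it. Function names and patterns are assumptions.

# Query format: rpm prints "(none)" for each signature tag that is absent.
SIG_FMT='%{SIGPGP:pgpsig}|%{SIGGPG:pgpsig}|%{RSAHEADER:pgpsig}|%{DSAHEADER:pgpsig}\n'

# stdin: output of  rpm -qp --qf "$SIG_FMT" pkg.rpm
sig_status() {
    if tr '|' '\n' | grep -v '^(none)$' | grep . >/dev/null; then
        echo signed      # a signature tag exists; it is not verified here
    else
        echo unsigned
    fi
}

# stdin: output of  rpm -qp --scripts pkg.rpm
# Prints (with line numbers) scriptlet lines that hint at user interaction.
# The keyword list is a heuristic chosen for this example.
interactive_lines() {
    grep -nE '(^|[;&|[:space:]])(read|xterm|zenity|kdialog|xmessage|dialog|whiptail)([[:space:]]|$)|/dev/tty|DISPLAY' || true
}

# Constructed sample of `rpm -qp --scripts` output, for offline testing.
sample_scripts() {
    cat <<'EOF'
preinstall scriptlet (using /bin/sh):
xterm -e /opt/vendor/setup-wizard
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
read -p "Accept license? " answer </dev/tty
EOF
}

# Run both checks against a real package file (requires rpm).
triage() {
    pkg=$1
    echo "signature tag: $(rpm -qp --qf "$SIG_FMT" "$pkg" 2>/dev/null | sig_status)"
    rpm -K "$pkg" || echo "rpm -K reported a problem with $pkg"
    echo "scriptlet lines that look interactive:"
    rpm -qp --scripts "$pkg" 2>/dev/null | interactive_lines
}

if [ $# -gt 0 ]; then
    triage "$1"
fi
```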



