On Sunday, 12.02.2017, 17:17 +0100, Richard Brown wrote:
Olaf, your advice only holds true if you trust the admin of the home repo more than the admin of Mozilla and the admin for Packman more than the admins of Tumbleweed.
Note the "whatever you want the stacking to be". "you == bjoernv". Since it's spring time in a few weeks, it's probably time to wade through popular repos and wipe packages and/or binaries which are already in Factory, at least for the "openSUSE_Tumbleweed" targets.
I can count the people whose home repo I would trust to that degree on one hand, and even then I'd discuss with them a better solution than using their home repo.
User "bjoernv" can trust the contents of his own "home:bjoernv".
Mozilla, sure, MAYBE, would be the one repo in your list that I would consider giving a higher priority for, because Wolfgang knows what he's doing and he's earned that trust and shown his capability to maintain repositories properly with Evergreen.
This is what Björn had or has in his repo list, so it's up to him to decide if he wants or needs packages from there. Neither my nor your call to decide that.
But packman, seriously? I hate to be so overly critical but the administration of Packman has been a joke for years, with terrible, ill-informed decisions made by the maintainers.
It's clean for Tumbleweed and 42.2. The few packages that overlap do have a %bcond_with <whatever>. I just went through the list today and wiped a few packages which entered Factory since August. To put the fact into its own line: "zypper dup --from packman" is safe. For 42.2 and Tumbleweed and SLE12SP2.
I think it's a long while before I'll trust Packman to the level you're suggesting here. Proper quality controls, review processes, and clear policies about what Packman will include and not, are all needed to improve Packman's credibility in this area.
It's up to the Packman maintainers what will be there, or not. Henne explained it nicely a few months ago.
Until then, please do not recommend priorities, or if you do, please make sure you fully explain how the priorities allow repository maintainers control over what packages are on your system and the risks that come with it.
The reason for priorities was explained in the mail you replied to: allow a user to follow ABI changes in that other repo, they remain unnoticed with the usage of --no-allow-vendor-change. Furthermore a plain zypper dup will notice if a package moves from one repo to another, or if a package disappears from one repo. So after all priorities should be considered, if the repos are clean.

Olaf
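
An added example, not part of the original mail or of either participant's tooling: a small audit that lists which enabled repositories outrank the distribution default, that is, the repos whose maintainers get the control over installed packages that the thread argues about. It assumes zypper's `.repo` INI layout under `/etc/zypp/repos.d/`, where the default priority is 99 and a lower number takes precedence; the sample aliases and URLs are constructed.

```python
import configparser

DEFAULT_PRIORITY = 99  # zypper default; a lower number outranks a higher one

# Constructed sample in the .repo INI layout (aliases and URLs are placeholders)
SAMPLE = """
[repo-oss]
enabled=1
baseurl=http://example.invalid/tumbleweed/repo/oss/

[packman]
enabled=1
priority=90
baseurl=http://example.invalid/packman/

[home_bjoernv]
enabled=1
priority=80
baseurl=http://example.invalid/home/

[mozilla]
enabled=0
priority=70
baseurl=http://example.invalid/mozilla/
"""


def elevated_repos(text):
    """Return [(alias, priority)] for enabled repos that outrank the default,
    strongest (lowest number) first."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    hits = []
    for alias in cp.sections():
        sec = cp[alias]
        if not sec.getboolean("enabled", fallback=True):
            continue  # a disabled repo cannot supply packages
        prio = int(sec.get("priority", fallback=str(DEFAULT_PRIORITY)))
        if prio < DEFAULT_PRIORITY:
            hits.append((alias, prio))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    for alias, prio in elevated_repos(SAMPLE):
        print(f"{alias}: priority {prio} outranks default {DEFAULT_PRIORITY}")
```

To run it against a real system, read each file in `/etc/zypp/repos.d/` and pass its text to `elevated_repos`.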