On 01/11/2007, Aniruddha mailing_list@orange.nl wrote:
Off course it it is doable (see Debian/Gentoo/FreeBSD/Ubuntu) who support up to 22000 packages. the only question is how ;)
Partly because they have a lot of people producing the packages, and if One were cynical One could suggest because they don't do so much security & quality checking compared to RH/SUSE etc whose businesses depend on it.
You are trusting the packagers from Gentoo/Ubuntu etc because they are associated with the project, not because you know that they are in fact doing their job properly. That is the point, you choose who you wish to trust. The valid problems here are
1) There are not separate keys for each repository - this is on the roadmap to be fixed by year end. http://en.opensuse.org/Build_Service/Roadmap
2) There is no way to tie a packager's key to peer ratings/comments etc. This will be easier to implement once the user database which stores identity & other information about users & packages is ready.
We can make it easier to make an informed decision about who One wishes to trust, but the choice about who to trust still has to be up to you.
Making home: repositories harder to add doesn't solve any problem, and anyone can make use of the one click install mechanism for repositories that arn't even in the build service.
-- Benjamin Weber --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org