On Nov 22, 10 15:19:00 +0100, Martin Schlander wrote:
Mandag den 22. november 2010 13:21:19 skrev Juergen Weigert:
So who should advertise packages / repositories? End users do. By voting. A search engine that knows hundreds of repositories is likely to break your system, by offering you incompatible packages. So let users give their feedback what worked for them (on which particular system).
Users are likely to vote up "exciting" risky repos - like e.g. KDE:Distro:Factory or X11 repo or Kernel repo.
I think it would be better to have some objective criteria for repo safety - instead of trusting popularity. E.g. if a repo does any of the following it should not be considered safe by definition - no matter how popular:
- Wants to touch the kernel, X, glibc, alsa etc.
- Wants to touch package management components (rpm, libzypp etc.)
- Wants to touch core libraries or interpreters like Qt, Gtk, Python
- Wants to touch your base desktop workspace