On Montag, 28. März 2022 23:46:45 CEST Martin Wilck wrote:
On Mon, 2022-03-28 at 21:43 +0200, Stefan Brüns wrote:
I maintain a lot of packages, and I would not recommend anyone to use the work-in-progress from my home repositories. I use packages from devel projects for testing only, and only because I know what I am doing.
You wouldn't set the "publish" flag on these repos that you wouldn't recommend, right? If someone sets this flag, it should be for a purpose.
Of course, when you activate someone's home repo, you don't know. The repo owner may be long gone or be a malicious jerk. So no, we shouldn't actively encourage it. But we shouldn't discourage it, either, because we'd be discouraging our distribution as such.
Perhaps some weak "review" process could be established around public, inofficial OBS repositories. For example, a bot could auto-uncheck the "publish" flag for repos that haven't seen any updates for a long time, and users setting the "publish" flag could be asked to provide meaningful descriptions for their repos and the packages therein.
And who will do the review? And if someone does the review and it passes, why not let *everyone* use the result in a straight forward way, and push it to Factory?
The submission and review process and its bots aren't everybody's best friends. Going into details would be really OT...
Some applications and libraries may be so special that they simply don't need to be part of the core distro. Every package causes metadata to need to be downloaded and updated, dependencies to be calculated, etc. I'd rather ask the opposite question: why insist on everything going through one big monolith?
Everything that is not part of TWs Ring:1 does not need to be part of the core distro. Everything else is a matter of taste and need.
Even on an RPi3 dependencies are not a problem, and that is probably the lower end for openSUSE.
For many devel projects, most or even all packages are also part of the distribution proper, so you download this metadata twice when you add the devel project.
The origins of dependencies have to form a directed acyclic graph. When you have the same package in multiple projects, you are asking for trouble. You can achieve proper dependencies by layering, like done for SLE/Leap, or you put everything in one repository. Even with layering, you have to be careful because you have to synchronize metadata updates over the whole tree (typical example is breakage due to Packman being late).
Does Factory really need 3rd party repos? I can definitely work without any.
I hardly ever delete repositories I had once configured. I only disable them. Indeed, the only repo I have currently enabled besides the official ones is google-chrome. But I have no less than 46 disabled repos on my 6y-old TW installation. Some are debug repos, many of them are my own. Another large part consists of devel projects. And some are from other people's home projects.
So apparently also for you the answer is "no" (proprietary packages are obviously a corner case openSUSE can not provide in its main repo).
The disabled repositories actually proves the point. You needed these for very specific scenarios, but you no longer need them. But you are also a user with sufficient technical background to handle this - definitely not the case for the average user.
Kind regards, Stefan