Mailinglist Archive: opensuse-factory (807 mails)

< Previous Next >
Re: [opensuse-factory] Tumbleweed snapshot question
Am Sonntag, den 12.02.2017, 17:17 +0100 schrieb Richard Brown:
Olaf, your advice only holds true if you trust the admin of the home
repo more than the admin of Mozilla and the admin for Packman more
than the admins of Tumbleweed.

Note the "whatever you want the stacking to be". "you == bjoernv".

Since its spring time in a few weeks, its probably time to wade through
populare repos and wipe packages and/or binaries which are already in
Factory, at least for the "openSUSE_Tumbleweed" targets.

I can count the people who's home repo I would trust to that degree
on one hand, and even then I'd discuss with them a better solution
than using their home repo.

User "bjoernv" can trust contents of its own "home:bjoernv".


Mozilla, sure, MAYBE, would be the one repo in your list that I would
consider given a higher priority for, because Wolfgang knows what
he's doing and he's earned that trust and shown his capability to
maintainer repositories properly with Evergreen.

This is what Björn had or has in its repo list, so its up to him to
decide if he wants or needs packages from there. Neither my nor your
call to decide that.


But packman, seriously? I hate to be so overly critical but the
administration of Packman has been a joke for years, with terrible
ill informed decisions made by the maintainers.

Its clean for Tumbleweed and 42.2. The few packages that overlap do
have a %bcond_with <whatever>. I just went trough the list today and
wiped a few packages which entered Factory since August.

To put the fact into its own line: "zypper dup --from packman" is safe.
For 42.2 and Tumbleweed and SLE12SP2.



I think it's a long while before I'll trust Packman to the level
you're suggesting here. Proper quality controls, review processes,
and clear policies about what Packman will include and not, are all
needed to improve Packmans credibility in this area.

Its up to the Packman maintainers what will be there, or not.
Henne explained it nicely a few months ago.

Until then, please do not recommend priorities, or if you do, please
make sure you fully explain how the priorities allow repository
maintainers control over what packages are on your system and the
risks that come with it.

The reason for priorities was explained in the mail you replied to:
allow a user to follow ABI changes in that other repo, they remain
unnoticed with the usage of --no-allow-vendor-change. Furthermore a
plain zypper dup will notice if a package moves from one repo to
another, or if a package disappears from one repo.

So after all priorities should be considered, if the epos are clean.

Olaf
< Previous Next >