Mailinglist Archive: opensuse (4398 mails)

Re: [opensuse] Packages from a user and Packager perspective
  • From: Sonja Krause-Harder <skh@xxxxxxx>
  • Date: Tue, 6 Sep 2005 14:04:28 +0200
  • Message-id: <20050906120428.GA5481@xxxxxxxxxxxxxxx>
On Tue, Sep 06, 2005 at 01:48:25PM +0200, Pascal Bleser wrote:
> C'mon, it's the same on packman: someone sends an e-mail "hi I packaged this".
> Would you just take his RPM and put it in the packman repository as-is, without reviewing or testing it?

What if the package was clearly marked as untested, submitted by an
unknown, unrated, untrusted new user, and not available through
automatic update, but only with explicit manual intervention? Would you
still object?

Trust is an issue. But keeping everything out and only letting trusted
packages in is only one possible solution, and one that creates the
bottlenecks you can observe in other open projects.

Another idea is transparency: make clear what level of trust a package
has, what kinds of reviews were done, and make sure users know the risks
when they download and install something. But allow everyone to use the
build infrastructure and package distribution servers and host their
packages there.

What would we need for such a model to work?

Sonja

--
Sonja Krause-Harder (skh@xxxxxxx)
Research & Development SUSE Linux Products GmbH

