M. Fioretti writes:
There's no technical reason why an rpm file cannot include the URL of any repositories that provide packages any needed dependencies, together with the repositories' keys. I like the concept, but for some reason which I can't point out before sleeping I have the _feeling_ that there is some practical reason why this wouldn't work in real life. But maybe I'm just sleepy.
I've thought about this -- there is one situation where this model breaks down. This model depends on everyone using different package names. If two repos build a different package and use the same name for both of them, this model is going to break down.
It is necessary to have some measure of self-discipline here, and people need to keep within their own boundaries, and not stick their nose where it doesn't belong. But I do not believe that it is a big concern. People running third party repos right now already exhibit discipline. Everyone else depends on them, and basically gives them carte-blanche to install arbitrary software on their own machines. That's a lot of trust, and, over the past couple of years, we didn't really have many instances of this trust being abused.