Bug 217425

Summary: 3rd party package warnings
Product: [Fedora] Fedora Reporter: Trey Earl <lunitik>
Component: yumAssignee: Jeremy Katz <katzj>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-11-27 22:53:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Trey Earl 2006-11-27 21:05:38 UTC 
Description of problem:
Many users have issues with some 3rd party packages, and are never warned that
there could even be issues with these packages...

Version-Release number of selected component (if applicable):
ALL

How reproducible:
ALWAYS

Steps to Reproduce:
1. Add 3rd party repo
2. Install package
3. Watch it break libs etc...
  
Actual results:
Some 3rd party repos are not compatible with Fedora Core, users should be warned
of this.

Expected results:
Warnings stating "This package is not an official Fedora package, are you sure"

Also, more mechanisms should be in place to package 3rd party things for
Extras... and more 3rd party repo's should be advised to package for extras...
Comment 1 Jeremy Katz 2006-11-27 22:53:25 UTC 
The problem is how do you define what repository is "3rd party"?  If it's just
something specified in the repo file, then you end up with essentially an arms
race.  And hard-coding isn't the right answer either.  Unfortunately, I think
this is something that just has to be handled by education and not through
technology.
Comment 2 Trey Earl 2006-11-28 03:03:05 UTC 
IMO, this should be anything that isn't Core or Extras (soon to be just extras
as Fedora)

Fedora cannot be held responsible for testing of anything not directly part of
the distribution...

Most users use Livna, and it appears to be safe enough, but should still have
the same warnings... perhaps over time, yum can develop a "trusted 3rd party"
list of repos in some way? Perhaps a new tag in yum files 'trusted=1' to turn
off warnings manually also?

Too many users install things from places like atrpms that can break things
severly, so something like this certainly needs to be done.

Plus, letting people know about this might convince more such repo's to actually
package things directly for Fedora (via extras etc) which would certainly be a
good thing!
Comment 3 Trey Earl 2006-11-28 03:05:37 UTC 
Some way being remotely... perhaps via some file contained on each official repo?

Then as stated, the manual addition of trusted=1 so the user can get rid of the
warnings...