Red Hat Bugzilla – Bug 217425
3rd party package warnings
Last modified: 2014-01-21 17:56:28 EST
Description of problem: Many users have issues with some 3rd party packages, and are never warned that there could even be issues with these packages... Version-Release number of selected component (if applicable): ALL How reproducible: ALWAYS Steps to Reproduce: 1. Add 3rd party repo 2. Install package 3. Watch it break libs etc... Actual results: Some 3rd party repos are not compatible with Fedora Core, users should be warned of this. Expected results: Warnings stating "This package is not an official Fedora package, are you sure" Also, more mechanisms should be in place to package 3rd party things for Extras... and more 3rd party repo's should be advised to package for extras...
The problem is how do you define what repository is "3rd party"? If it's just something specified in the repo file, then you end up with essentially an arms race. And hard-coding isn't the right answer either. Unfortunately, I think this is something that just has to be handled by education and not through technology.
IMO, this should be anything that isn't Core or Extras (soon to be just extras as Fedora) Fedora cannot be held responsible for testing of anything not directly part of the distribution... Most users use Livna, and it appears to be safe enough, but should still have the same warnings... perhaps over time, yum can develop a "trusted 3rd party" list of repos in some way? Perhaps a new tag in yum files 'trusted=1' to turn off warnings manually also? Too many users install things from places like atrpms that can break things severly, so something like this certainly needs to be done. Plus, letting people know about this might convince more such repo's to actually package things directly for Fedora (via extras etc) which would certainly be a good thing!
Some way being remotely... perhaps via some file contained on each official repo? Then as stated, the manual addition of trusted=1 so the user can get rid of the warnings...