YUM repository links

Matthias Saou yellowdog-general@lists.terrasoftsolutions.com
Thu May 6 03:40:01 2004 

John Cochrane wrote :

> Regarding the additional bit of info (freshrpms), I'm afraid I have another
> question. Although a complete newbie to Linux, I am totally comfortable with
> the idea and principle of yum, but have yet to become intimately familiar
> with the practice of it! To this end, I very much want to understand the
> procedure (and consequences!) rather than just executing commands and
> procedures 'as wrote'. After checking out your link:
> 
> <http://ayo.freshrpms.net/yellowdog/3.0/ppc/freshrpms>
> 
> but before actually implementing it, and a bit more browsing, I'm becoming
> aware that there are repositories for all sorts of things, all over the
> place! I'd initially assumed (naively of course!) that YDL would be the
> place for YDL yum updates.
> 
> I'm hoping someone out there might be generous enough to enlighten me a
> little as to whether all these alternate sources are (generally - nothing in
> life is guaranteed!) approved, safe, supported, reliable etc etc... Do these
> updates eventually find their way to YDL and do they have to be verified?

I guess I should answer this one :-)
Regarding freshrpms.net, it's an add-on source for Red Hat Linux, Fedora
Core, and more recently Yellow Dog Linux. It's mainly additional packages
that don't make it into the main distribution (mostly for patent/legal/DMCA
type of issues, or lack of interest) or a few others that are interesting
to have more up to date to get all the latest features (but not many of
those).

There is absolutely no guarantee whatsoever that a given package won't
destroy your system, although this has still to happen AFAIK ;-) Currently,
and as it's always been, all packages are maintained, built and gpg signed
by me, so if you trust me and my "packaging skills", you should be able to
sleep at night. Obviously, you shouldn't install rpm packages from
untrusted sources, as just about any kind of nasty tricks can be hidden
inside, which is why all my packages are gpg signed, and my yum package is
set to automatically verify signatures before installing packages, with
the Terra Soft Solutions key and my own initially trusted.

As to whether it's safe, supported, reliable etc. there's nothing better
than hearing experiences and advice from various sources and building your
own opinion on the matter :-) Just be informed that I've been maintaining
the archive for over 4 years now, and am always reachable on various lists
(including this one of course) and off-list regarding any issues or
suggestions.

Matthias

-- 
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora Core release 1.92 (FC2 Test 3) - Linux kernel 2.6.5-1.350
Load : 0.33 0.17 0.11