YUM repository links

[John Cochrane]

> From: Matthias Saou
> <thias@spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net>
> Reply-To: yellowdog-general@lists.terrasoftsolutions.com
> Date: Thu, 6 May 2004 11:38:51 +0200
> To: yellowdog-general@lists.terrasoftsolutions.com
> Subject: Re: YUM repository links
> 
> John Cochrane wrote :
> 
>> Regarding the additional bit of info (freshrpms), I'm afraid I have another
>> question. Although a complete newbie to Linux, I am totally comfortable with
>> the idea and principle of yum, but have yet to become intimately familiar
>> with the practice of it! To this end, I very much want to understand the
>> procedure (and consequences!) rather than just executing commands and
>> procedures 'as wrote'. After checking out your link:
>> 
>> <http://ayo.freshrpms.net/yellowdog/3.0/ppc/freshrpms>
>> 
>> but before actually implementing it, and a bit more browsing, I'm becoming
>> aware that there are repositories for all sorts of things, all over the
>> place! I'd initially assumed (naively of course!) that YDL would be the
>> place for YDL yum updates.
>> 
>> I'm hoping someone out there might be generous enough to enlighten me a
>> little as to whether all these alternate sources are (generally - nothing in
>> life is guaranteed!) approved, safe, supported, reliable etc etc... Do these
>> updates eventually find their way to YDL and do they have to be verified?
> 
> I guess I should answer this one :-)
> Regarding freshrpms.net, it's an add-on source for Red Hat Linux, Fedora
> Core, and more recently Yellow Dog Linux. It's mainly additional packages
> that don't make it into the main distribution (mostly for patent/legal/DMCA
> type of issues, or lack of interest) or a few others that are interesting
> to have more up to date to get all the latest features (but not many of
> those).
> 
> There is absolutely no guarantee whatsoever that a given package won't
> destroy your system, although this has still to happen AFAIK ;-) Currently,
> and as it's always been, all packages are maintained, built and gpg signed
> by me, so if you trust me and my "packaging skills", you should be able to
> sleep at night.

Getting the thumbs up from the YDL community was the reassurance that I was
looking for. I couldn't get that info more direct than this!

> Obviously, you shouldn't install rpm packages from
> untrusted sources, as just about any kind of nasty tricks can be hidden
> inside, which is why all my packages are gpg signed, and my yum package is
> set to automatically verify signatures before installing packages, with
> the Terra Soft Solutions key and my own initially trusted.

This was my main concern. Given the learning curve, I didn't want to invite
problems upon myself by dabbling with the wrong things!
> 
> As to whether it's safe, supported, reliable etc. there's nothing better
> than hearing experiences and advice from various sources and building your
> own opinion on the matter :-) Just be informed that I've been maintaining
> the archive for over 4 years now, and am always reachable on various lists
> (including this one of course) and off-list regarding any issues or
> suggestions.
Thanks for taking the time to reassure and explain.

John
> 
> Matthias
> 
> -- 
> Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
> Fedora Core release 1.92 (FC2 Test 3) - Linux kernel 2.6.5-1.350
> Load : 0.33 0.17 0.11
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> HINT: to Google archives, try  '<keywords> site:terrasoftsolutions.com'