在 2021-05-05星期三的 07:44 +0200,Dan Čermák写道: > przemek klosowski via devel <devel@lists.fedoraproject.org> writes: > > > Is that something we need to worry about? I couldn't think of any new > > rules to impose on repositories, but maybe dnf should have more > > explicit > > warnings when it sees multiple versions of the same package, or at > > least > > a way to show such versions. > > Or how about teaching dnf that only certain repositories are allowed to > be used for updates (with an allowedlist for exceptions)? Then > microsoft > or any other third party repo could put hello-5000-1 into their repo > and > it could never compromise your system, as dnf would not consider the > 3rd > party repo a valid update repo for a base system package. > > That would require dnf to track where it got the package from though > and I am not sure if it does that at the moment? This reminds me of an idea named Vendor Change from Zypper of openSUSE https://en.opensuse.org/SDB:Vendor_change_update This approach seems to solve our problems here? > > > Cheers, > > Dan > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://docs.fedoraproject.org/en- > US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject > .org > Do not reply to spam on the list, report it: https://pagure.io/fedora- > infrastructure
-- Qiyu Yan GPG keyid: 0x4FC914F065F2DF12 About: https://fedoraproject.org/wiki/User:Yanqiyu
signature.asc
Description: This is a digitally signed message part
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
