[Yum] Request for comment -- repository-level redirects

Eric S. Raymond esr at thyrsus.com
Thu Feb 3 10:09:54 UTC 2005


seth vidal <skvidal at phy.duke.edu>:
> The problem I've seen is that even the repositories aren't sure who they
> are and are not compatible with. So trusting a repositories claim about
> what it is compat or dependent on is a dicey affair.

There are two responses to this...

One: You've put your finger on one reason that what I proposed is actually 
a package-set redirect rather than a repository redirect.  Thus,
fedoraproject.org might say

#Channel	regexp		Repository
stable		RealPlayer	http://macromedia.mplug.org/

The semantics is "If a user searching the stable channel for a package
name matching the regexp 'RealPlayer' fails to get it, redirect him
to http://macromedia.mplug.org/".  This is not actually a dependency
claim, which would be simulated with something like this, say, at
livna:

#Channel	regexp		Repository
stable		.*		http://fedora.us/stable/

This isn't, in itself, a claim of compatibility in the depsolver sense.
Rather, it's an automated handoff that may be *motivated* by such a claim.

Two: OK, let's suppose compatibility claims are unreliable.  That's 
actually irrelevant to whether redirects are a good idea -- because if
they're unreliable for repo admins, they're equally unreliable for
end users.

Thus, redirects wouldn't make the trust problem worse.  What
they would do is move it from hundreds of thousands of users'
config filers to a handful of repo config files being watched
by specialists.  That has to be a win.

> In addition I agree with rgb  - doing a redirect from a repo is a little
> scary to me. I don't mind trusting 1 repo, but I do mind letting them
> repoint me to some other random place and make me pull down all those
> pkgs, too.

You've misunderstood the proposal slightly (my fault, probably).  It
would never be "make you pull down all those packages", it would be
"hand off this specified class of requests".

Anyway, how many levels deep you recurse is a client policy decision.

> If you want to talk about a way to add to the metadata to define inter-
> repository-dependency-sets then that's a whole other discussion,

It is, and orthogonal to what I have in mind.  We might eventually use such
information to compute what the redirect sets ought to be, but first
things first.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>



More information about the Yum mailing list