Andrew Parker wrote:
repositories (a la yum) for the database. then files that
couldn't be
opened by fedora rpms could be provided by other "repos".
This would open fedora to all types of security problems because the
fedoraproject is not able to control/vet/modify external repos - and
hence this capability is specifically disallowed in the fedora packaging
process.
Having the current setup where a user goes to a web site, installs a
x-release rpm, and then needs to accepting import of the repo's signing
key means that it is the user who needs to decide whether they can trust
repo x {which could do _anything_ on their machine}.
DaveT.