"ext Luarvique L. Luarvique" <luarvi...@gmail.com> writes: > This whole talk about "any repository but Extras is unsafe and evil" > is mostly bullshit, and I think most users are smart enough to know > it.
It might be mostly bullshit, but not entirely. If we teach people that it is normal to go hunting for alternative repositories, we substantially increase the risk that they run into unsafe and evil ones. The difference is between one or maybe three well known sources, and uncounted mostly unknown sources. You can have a million security frameworks on your device, but as long as you go and install stuff 'randomly' from the Internet, you are running a high risk. One of the first things that you learn when you grow up is that it is not a good idea to put everything into your mouth that you find on the ground. While nobody should be forced to funnel his packages through the few well known repositories, our users should more or less demand to find all the good stuff in them, because they know that these repositories are well-maintained and backed by a community: packages are not abandoned, and they can expect them to be updated when necessary. Thus, we should market the advantages of a centralized repository to our users (down to making adding new repositories with .install files more scary, but still fair), and work to reduce repository fragmentation by seeking out the 'rogue' ones and copying their packages into ours, if legal, and subject to the same QA as other packages, of course. This might also be a good opportunity for some of us to eat our own dog food. If would be great if the people who drive the maemo.org QA process would back this up by maintaining a good number of packages themselves. (Maybe they do, I really don't know.) _______________________________________________ maemo-developers mailing list maemo-developers@maemo.org https://lists.maemo.org/mailman/listinfo/maemo-developers
