[packagers] Re: [users] The demise of the repotag

[Fernando Lopez-Lezcano]

On Thu, 2007-04-19 at 20:40 +0200, Dag Wieers wrote:
> On Thu, 19 Apr 2007, Mark Hull-Richter wrote:
> 
> > On 4/19/07, Dag Wieers <dag at wieers.com> wrote:
> >
> > > As I expected and briefed before, Fedora and EPEL will not adopt a
> > > repotag. With that they refuse to accept or consider the existence of a
> > > diversity of repositories, or at least promote themselves to be the one
> > > and only upstream provider of packages.
> >
> > I'm a little new to this world of repos and repotags - what are the
> > implications of this to the users, like all of us?  How does it impact
> > our use of repositories?
> 
> A repotag is a small string put in the release-tag of an RPM packages. For 
> RPMforge this is the '.rf.' part in the filename.
> 
> Having this consistently makes it obvious from a directory listing, 
> package listing or from a copy&pasted output where a package came from.
> Much like what the disttag is used for. A '.el5.' means a package was made 
> specifically for RHEL5 or CentOS5.
> 
> Now without such a repotag, 2 packages from different sources may be 
> exactly identical in filename and version. They would appear to be the 
> same and for a tool like Yum or Apt it becomes hard (currently impossible) 
> to know which one is the one it needs. Especially with incompatible 
> packages this would be a real problem.
> 
> So a repotag has 2 distinct purposes:
> 
>  - Making RPM packages (filenames and versions) unique
> 
>  - Identification of packages which simplifies package management and 
>    troubleshooting (copyp&pasted output)
> 
> Even though the repotag is arbitrary and can be faked (just like the 
> disttag), because packages are being signed this is not a real concern.
> Not having a repotag would be as insecure as having one.
> 
> Another non-valid concern made was that a repotag would change the version 
> comparison. But since there is no clear way how to compare 2 releases from 
> 2 different sources anyway, it doesn't impose any problem whether there is 
> a repotag or there isn't.
> 
> That's about it. A repotag is just very convenient for users and 
> packagers.

[disclaimer: I have not followed the discussion in the epel list]

It is _very_ convenient. 

That's why I don't see the point in repos dropping what they currently
use for no technical reason that I can see. If epel does not want to use
them then fine. It will be the only repo without a repo tag (ie: package
has no tag? comes from epel). In this way you are basically saying "if
you don't want to play by my rules I'll play by yours even though they
are worse rules". What is the point, being able to say some time from
now "see: it is worse and more confusing now that nobody uses
repotags!". 

As this is obvious to me I must be missing something...
-- Fernando