The packages from http://downloads-distro.mongodb.org/repo/redhat/os/ installs your yum repository without prompting or permission.

This is bad because:

• production systems generally cannot connect to the outside thus leaving them in an undesired state
• it's likely to breach many peoples security policies
• you only keep the latest version in your repos which does not serve customer needs as a full fledged yum repo for production use, its not possible to ensure all mongo servers are at the same version using your repository
• by having just the latest version and adding your repos without permission you promote user error - someone running yum update will also immediately get your latest release
• its simply a very nasty thing to do, package sources and policies should be left to the administrators of a site

Thanks.