Details
-
Bug
-
Resolution: Done
-
Minor - P4
-
None
-
None
-
None
-
CentOS 5/6
-
Linux
Description
The packages from http://downloads-distro.mongodb.org/repo/redhat/os/ installs your yum repository without prompting or permission.
This is bad because:
- production systems generally cannot connect to the outside thus leaving them in an undesired state
- it's likely to breach many peoples security policies
- you only keep the latest version in your repos which does not serve customer needs as a full fledged yum repo for production use, its not possible to ensure all mongo servers are at the same version using your repository
- by having just the latest version and adding your repos without permission you promote user error - someone running yum update will also immediately get your latest release
- its simply a very nasty thing to do, package sources and policies should be left to the administrators of a site
Thanks.