[SERVER-3488] RPM packages from 10gen installs yum repository Created: 27/Jul/11  Updated: 10/Dec/14  Resolved: 07/Nov/13

Status: Closed
Project: Core Server
Component/s: Packaging
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: R.I.Pienaar Assignee: Ernie Hershey
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

CentOS 5/6


Operating System: Linux
Participants:

 Description   

The packages from http://downloads-distro.mongodb.org/repo/redhat/os/ installs your yum repository without prompting or permission.

This is bad because:

  • production systems generally cannot connect to the outside thus leaving them in an undesired state
  • it's likely to breach many peoples security policies
  • you only keep the latest version in your repos which does not serve customer needs as a full fledged yum repo for production use, its not possible to ensure all mongo servers are at the same version using your repository
  • by having just the latest version and adding your repos without permission you promote user error - someone running yum update will also immediately get your latest release
  • its simply a very nasty thing to do, package sources and policies should be left to the administrators of a site

Thanks.



 Comments   
Comment by Ernie Hershey [ 07/Nov/13 ]

I've verified this isn't happening with the latest packages - 2.5.3 or 2.4.8. Something may have inadvertently fixed this.

Generated at Thu Feb 08 03:03:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.