I did zypper dup yesterday, during which I was more or less forced into a vendor change for Firefox from the main Opensuse repo to “home:XOF:HSF” (whatever that means) because no dependencies could be satisfied any other way.
And it doesn’t work - message : XPCOMGlueLoad error for file /usr/lib64/firefox/libxul.so: /usr/lib64/firefox/libxul.so: undefined symbol: png_get_next_frame_delay_num, version PNG16_0 Couldn't load XPCOM.
Tried to find which package supplies it to, no avail. And I don’t know how to change back to original vendor to get a version that works…
Home repo are private repos maintained by people for their own purposes. they are NOT official
Get the package you want but do not allow active use of the repo ie disable or do not add the repo. Only the person that maintains the reo knows whats there and thing in the repo may cause problems in you OS
For openSUSE Tumbleweed there are only three official openSUSE repositories:
repo-oss
repo-non-oss
update
The software in this repositories is tested via openQA and can be assumed to result in a working openSUSE Tumbleweed system.
Then there is the Packman repository which enhances some openUSE packages with software that can not be supplied by openSUSE for legal reasons. The software in this repository in general will quite reliably work with openSUSE Tumbleweed as well.
The software in any other repository may work with openSUSE Tumbleweed but it is not tested with openQA and it may fail at any given time.
The risk with such repositories is that they may provide newer versions of system packages which will not properly interact with the rest of your system. So if you keep those repositories enabled the update process can pull in packages which may cause your system to fail.
I used a lot of mays in the explanation above to point out that you can have a running system even when you use those repositories but you probably should be skilled enough to deal with any problems arising from the usage of those repositories.
As example the firefox version which got pulled in from the https://download.opensuse.org/repositories/home:/X0F:/HSF is dangerously altered by the packager of the home repo. He disabled extension signing. That means it is possible to install maliciuos extensions in his firefox version as he disabled basic security features required by mozilla.
Additionally if you glance over the spec file of this firefox package you will see that he has no manners and no clue.
This single example should be enough reasons to uninstall everything from this home repo and remove it. There are for sure more of such “gems” hidden in this repository…
Command zypper search -sir "REPONAME|URL|NUMBER" will show you the installed packages from a Repo:
-s, --details Show each available version in each repository on a separate line.
-i, --installed-only Show only installed packages.
-r, --repo <ALIAS|#|URI> Work only with the specified repository.
And I’ve learnt what the icons mean in the repositories tab of Yast - which I didn’t pay much mind to before.
Is there any way of knowing the reputation of a home repo? There are, after all, serious people doing their best to maintain packages of what you might call “niche” applications.
I think I may, in the future, be less lazy and do more installation from source if I can’t find a package from a serious repo.
I do not quite understand what you mean by “reputation”.
There might be situations where the firefox-version described in post #7 is useful although I personally had no need so far for a firefox-version like this (and therefor would never use it for my daily work).
All software (even the one in the openSUSE repositories) serves an individual purpose.
One has to find out what that purpose is (e.g. by reading the documentation, talking to the developer, …) and based on the information gathered one has to decide whether a package fits ones personal demands/preferences/… or not.
Regarding the interoperability of an individual software package with ones openSUSE system
there are two possibilities:
If the packages comes from a repository recommended by openSUSE (repo-oss, repo-non-oss, …) then the interoperability has been tested and chances are good that the package will not interfere with ones openSUSE system.
For all other packages (even the ones individually compiled from source) it is up to the user to ensure that the package will not interfere with ones openSUSE system.
I thought they functioned like ppa’s in Ubuntu / Debian - often recommended by developers because more up to date…
Know better now.
Which is why I use Tumbleweed - I used Leap for a while, but my graphics apps, as supplied by the Leap repos, were hopelessly out of date (years in some cases).
Anyway, thanks all - everything installed is now from a respectable source!