Repository question

opensuseforumorg42 · September 19, 2014, 8:03am

I was going to download a couple of packages not in the Repositories that are automatically added during openSUSE 13.1 install.

One was GMIC. YaST showed the following repositories:
http://download.opensuse.org/distribution/13.1/repo/oss
http://download.opensuse.org/repositories/graphics/openSUSE_13.1 New
http://download.opensuse.org/repositories/openSUSE_13.1/ports New

I also required the current Firefox which I got from:
http://download.opensuse.org/repositories/mozilla/openSUSE_13.1 New

And,
http://download.opesuse.org/X11:/Utilities/openSUSE_13.1/ New

What are the above New repos? What are they called?
Are they safe? During a 1 click install, YaST asks whether to keep repos or not, is one way better than the other?
I listed the community repos in YaST and I did not see these repos, so they are not community.
Does the colon () in the url mean anything? I saw “/Virtualization/” and “/Virtualization:/”.
It is clear what the distribution repos are and their respective update repo.
Are updates only security updates?
Can updates be modifications?
Are they ever new versions?
Are home repos also community repos?
So there are Distrubtion, Community, Home repos. And Factory. Are there other types of repos?
I generally stay away from home repo’s because of security and dependencies.
In the past, I usually found out a repo was no longer when YaST complained.
Is there a way to be proactive (mailing list, web page, rss feed, etc,)?
I have a friend that went to LMDE (Lint Mint Debian) because it is/was a rolling release.
This was suppose to be their answer to staying current in increments, thus saving them time,
but not giving up security. They are also pretty confident in debugging and providing patches.
But LMDE is changing. This article reminded me of LMDE, “Opensuse Rolling Release”,
at http://lwn.net/Articles/606993/. It sounds like Factory would be a good thing to run in a
test VM, while using the distro as the host.

Thank you.

F_Sauce · September 19, 2014, 8:57am

Hello.

I would not recommend keeping those repoes as YaST sources.
Stick to the official repoes; in addition use the packman repo, if you wish to have the additional restricted codecs, as well as the gpu driver repoes for your graphics-card if you wish to utilise those drivers.

If you wish to use any OBS packages from a development repo such as ‘mozilla’ (one of your links) or any user provided packages, pay attention to what dependencies packages are installed; upgrading i.e. libs satisfying the dependencies of one specific app might break other parts of your system; and these repoes may often, of necessity, provide such upgraded libs.
Take it step by step and be conscious of what you do so you may more easily revert back to the original state of the system, if it turns out wrongly.

robin_listas · September 19, 2014, 4:35pm

On 2014-09-19 08:06, opensuseforumorg42 wrote:

> 1. What are the above New repos? What are they called?

Dunno. I don’t know where you see the “new” word.

> Are they safe?

Depends. They are not home repos.

> During a 1 click install, YaST asks whether to keep
> repos or not, is one way better than the other?

Depends.

When I want only a single package and do not want updates, I do not add
the repo. Otherwise, I add the repo, usually manually, then I use YaST
to install what I want.

> I listed the community repos in YaST and I did not see these repos,
> so they are not community.

No, they are indeed community repos, like all the OBS except the
official ones. Just not listed in that feature in yast called “community
repos”. Those are simply the most useful/popular.

> Does the colon -(:)- in the url mean anything? I saw
> “/Virtualization/” and “/Virtualization:/”.

I’ve never really known.

> 2. It is clear what the distribution repos are and their respective
> update repo.
> Are updates only security updates?

In the past, yes. Now, no.

> Can updates be modifications?

Yep.

> Are they ever new versions?

Some times. Mozilla, for instance.

> 3. Are home repos also community repos?

Er… no.

They can be anything. They can be just a place where that person is
trying things, or doing things for himself. Some are not really intended
to be “used”, but others are. Sometimes a developer tries things there,
and later he moves them to another, more public or even official repo.

> 5. I have a friend that went to LMDE (Lint Mint Debian) because it
> is/was a rolling release.
> This was suppose to be their answer to staying current in
> increments, thus saving them time,
> but not giving up security. They are also pretty confident in
> debugging and providing patches.
> But LMDE is changing. This article reminded me of LMDE, “Opensuse
> Rolling Release”,
> at http://lwn.net/Articles/606993/. It sounds like Factory would be
> a good thing to run in a
> test VM, while using the distro as the host.

Debatable…

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

tsu2 · September 19, 2014, 6:18pm

Re: the “NEW” repos
Based only on their URI, they all look like they <probably> are community repos, ie supported by an organization and not just someone’s personal creation. So, although nothing is certain, they’re probably reliable. And, I would guess that <these> repos you listed are safe to add permanently and allow to be refreshed.
Remember also that although repos may offer new versions, if you only run “zypper patch” you will get only security updates while if you run “zypper update” you will get the latest versions available. So, just because the repos offer something new, whether that something new is installed is determined by the command you run.
Not AFAIK. Repos are generally maintained as long as they are useful. Although there can be exceptions, if you rely on packages in a repo that is taken down, something is wrong. Typically in my experience repos experience a relatively long period of inactivity before they’re actually removed from servers. If that happens, just remove the old repo and maybe upgrade your system to use new repos (maybe even a distro upgrade).
Anyone running Factory should be doing it for very specific reasons and not as their main OS. Yes, if you’re experimenting, running as a virtualized Guest is a good decision.

IMO,
TSU

robin_listas · September 19, 2014, 7:03pm

On 2014-09-19 18:26, tsu2 wrote:

> 2. Remember also that although repos may offer new versions, if you only
> run “zypper patch” you will get only security updates while if you run
> “zypper update” you will get the latest versions available. So, just
> because the repos offer something new, whether that something new is
> installed is determined by the command you run.

Er… no, that’s not exact.

A “zypper patch” gets patches from repositories that provide patches,
which typically are only the “repo-update” and the “repo-update-non-oss”
(but there are a few more).

That particular repo, traditionally only provided security updates, but
it can provide about any kind wanted. For instance, you get version
updates to firefox and thunderbird in there. Look:


> Telcontar:~ # zypper --no-refresh se --details MozillaFirefox
> Loading repository data...
> Reading installed packages...
>
> S | Name                                    | Type       | Version     | Arch   | Repository
> --+-----------------------------------------+------------+-------------+--------+---------------------
> i | MozillaFirefox                          | package    | 31.1.0-42.1 | x86_64 | openSUSE-13.1-Update
> v | MozillaFirefox                          | package    | 31.0-33.1   | x86_64 | openSUSE-13.1-Update
> v | MozillaFirefox                          | package    | 30.0-29.1   | x86_64 | openSUSE-13.1-Update
> v | MozillaFirefox                          | package    | 29.0.1-24.1 | x86_64 | openSUSE-13.1-Update
> v | MozillaFirefox                          | package    | 29.0-20.1   | x86_64 | openSUSE-13.1-Update
> v | MozillaFirefox                          | package    | 28.0-17.1   | x86_64 | openSUSE-13.1-Update
> v | MozillaFirefox                          | package    | 27.0.1-12.1 | x86_64 | openSUSE-13.1-Update
> v | MozillaFirefox                          | package    | 27.0-8.1    | x86_64 | openSUSE-13.1-Update
> v | MozillaFirefox                          | package    | 26.0-4.2    | x86_64 | openSUSE-13.1-Update
> v | MozillaFirefox                          | package    | 25.0-1.1    | x86_64 | openSUSE-13.1-Oss
> v | MozillaFirefox                          | package    | 25.0-1.1    | x86_64 | ISO image of 13.1
....

The current definition is that you get the official updates from those
two repos.

And to get updates from other places, like most of the OBS, you need to
use “zypper up” instead, because they don’t provide update type repos,
for “patch” to work. But they might, and a few do, actually.

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)