RPM Fusion Trustworthy?

I’m coming from using Debian/Ubuntu for 10 years and I have a strong policy of never using a PPA or any 3rd party repository that isn’t directly from a particular software vendor.

Coming over to Fedora, I see many thing push you toward RPM Fusion. Where does RPM Fusion fit in the grand scheme of things? Who runs it and is it something I should just take as if it was an official repository from Fedora/CentOS/RHEL?

I manage a ton of CentOS servers and EPEL was fine with me, is RPM Fusion in the same class as that?

3 Likes

Hello @sajanparikh
I have used Fedora for many years, but I’m permanently unsure about everything. I don’t want to make inaccurate statements.

However, I can say that RPMFusion is definitely a trustworthy repository and has nothing to do with PPAs. As far as I know they have a quality assurance process and policies, and some Fedora packagers also maintain packages in this repository.
Something like a PPA in Fedora could be Copr.

1 Like

RPM Fusion provides various packages suitable for the multimedia side of things. It’s really useful when working on a regular desktop with Workstation support rather than on a server.

In the multimedia support section, rpmfusion.org provides more powerful tools than the Fedora packages. I think that applies to Fedora as well, according to a policy that is similarly supported on the EL side.

The question seems difficult to answer and, I think, only you can answer it for yourself.

How do you define trustworthy? In case you trust (closed-source?) repositories “from a particular software vendor” the bar does not seem to be too high.

I think it is important to note that RPMFusion follows the Fedora Packaging Guidelines (Contributors - RPM Fusion), which require a review of packages. That certainly adds a layer of security to the repository compared to PPA or COPR repos.

Moreover, all software is open-source and all .spec files can be found on the build system (Build System Info | koji). So, if you have time, you can do some cross-checks. There, you can also see who the packagers of the various packages are… they are all well-known in the Fedora community.

2 Likes

I hope so; I had to use it to install VLC to get videos to work on websites like CNN Money and Facebook.

RPM Fusion is meant to provide packages that Fedora won’t ship (usually) due to licensing or because the application is proprietary. By default Fedora already has some packages that will come from RPM Fusion, but only if you enable them first. These are:

  • Chrome
  • Steam
  • Nvidia Drivers

Fedora also references RPM Fusion in their documentation and provides more information about their relationship with RPM Fusion on:

Considering that people from Fedora work on RPM Fusion, and that RPM Fusion doesn’t just accept any packages or projects added to it the way anyone can create a PPA, it’s pretty trustworthy.

1 Like