Problem:
I run an Alma (and before that CentOS) shop, and historically I’ve always kept the EPEL repo disabled by default and enabled for specific package installs in the interests of avoiding unexpected package conflicts, and when I moved to Foreman for updates I maintained this procedure via the use of setting of specific include package filters for the packages I need. By and large the only packages from EPEL provided are a handful of utility tools (ncdu, iotop, nmon netc), although my boxes do use Zabbix from Zabbix’s own repo, a package which is also present in EPEL and has been known to cause problems.
However, this means that if I need to enable a package from the EPEL Repo I have to push out a whole new Content View. I was up until today using a Weekly sync plan, and depending on my position in my monthly patching cycle this was introducing the risk of additional, untested packages also being added into the Content View. I’ve partially alleviated this issue today by switching from a Weekly sync to a Monthly first Tuesday of the month Sync via cron, but it’s still a layer of additional toil enabling packages in this way.
I don’t really want to be checking every box every month for any random EPEL packages that might crop up during the upgrade cycle either (although I guess I am in the process of automating patching and could devise a check for this).
On the plus side however it would allow me to still maintain an extra layer of control against packages that are installed.
None-the-less I’m starting to suspect that this approach might be a little overcautious however, and I was wondering how other people handle EPEL packages and any potential conflicts that may or may not surface in practice? Do they crop up with any regularity in other people’s experience? Would I be better just setting one or two excludes for known troublemakers instead?
Thanks.