Translations:Ebuild repository/3/en

Since package repositories are nothing more (or less) than a set of files (ebuilds, metadata files, ChangeLog entries ...) these repositories can be pulled in from public repositories (git, cvs, svn ...) or downloaded as tarballs and extracted manually onto the system. It is advised to use managed repositories by trusted third parties; any installed overlay will cause Portage to look through the overlayed files when deciding which software to install. If compromised code is in the overlay, then compromised packages could be installed on the system.