mike at easysw.com
Thu Oct 26 17:08:59 PDT 2006
Fabian Groffen wrote:
> A package manager that can install into an arbitrary offset, such as 
> can of course easily handle the offset "/" for the host OS.
Given that we are talking about LSB packaging, RPM is the "standard"
package format, and any OS that doesn't use RPM natively will need to
support the RPM functionality/dependencies/etc. It's great that
Gentoo can support it, but the important thing is that current RPM
> It is
> questionable to me how much that package manager should "know" about
> it's local user offsets:
As I see it, the package manager should only know about the packages
in the current "scope". Thus, when installing as a user, the package
manager will have read/write access to the user's package database and
read access to the system package database.
It is possible that an administrator could specify a username to access
that user's package database, essentially impersonating that user.
Similarly, you might provide a mode to look at all users' packages.
Regardless, while the functionality offered to system administrators
is important, I don't believe it is critical for us to decide what
additional management functionality is required for/provided to system
administrators, but instead to define the required functionality for
user-mode installations and the interactions with the system
installations - that is, look from the user's perspective, not the
> - should the package manager ever uninstall packages installed by users?
> (i.e. security vulnerability override upgrade of a package by admin)
I don't believe the package manager, run by the administrator, should
automatically uninstall or upgrade user-installed packages. However,
the user should be able to use the same package updating tools (yum,
aptget, etc.) to update their locally-installed packages.
Ideally, the core packages (typically libraries) affected by security
issues would be installed and updated by the administrator, so that
user-installed packages would automatically use the updated packages.
> - should the package manager point out the redundancy/outdatedness of a
> package when the host OS provided package is equal/newer?
I think that would be a useful feature, but it is not required for
user-mode installations as defined by the LSB.
> You run the risk to break things, upon such actions, hence every update
> needs rebuilding dependencies, or updating them too. I would say it's
> the user's risk to keep the local offset up-to-date (or not).
You can have two different versions of a library installed, even for
system-wide installs. In fact, with x86_64 installs you end up
installing both i686 and x86_64 packages - they just go in separate
> Of course host OS package manager (primary) and local user package manager (secondary) don't have to be the same type/program.
First, LSB specifies RPM as the format. Second, using the same package
manager for user and system installs will provide a more consistent
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Publishing Software http://www.easysw.com
More information about the lsb-discuss