[packaging] Useing distro package managers. Was: Re: Meeting next week to discuss trusted third-party repositories
Tortanick
tortanick at googlemail.com
Sun Dec 21 09:54:39 PST 2008
On Sunday 21 December 2008 15:04:54 you wrote:
>
> Actually, come to think of it, I've been saying the same thing,
> but not quite in the same way. There should be a pseudouser for
> each vendor, /opt/$vendor should be owned by that pseudouser,
> and the package manager should setuid to that user before
> installing the package. Would that do for you?
I'm not sure I see the advantage over a single /opt pseudouser but I have no
real objection to the above. Cruft in the form of left over users from
uninstalled apps is really minor and could easily be autoremoved.
> I prefer to normally restrict files to /opt/$vendor;
> packages that want to do more have to be allowed, but we don't have
> to make it easy for the casual user.
Where I'd draw the line is that you can't have a situation where an install
wont complete if the user won't allow files outside of /opt/$vendor. I
suppose symlinks might be ok with all the real files in /opt.
I do have to ask two questions though: what kind of programs do you see that
actually need to be outside /opt, and how do you plan to get round diffrences
in a distro's file layout?
> A trust network seems like a must. I don't know what it would look like,
> but each distro would probably have a list of ISVs they trust.
I was thinking something along the lines of a simple server, the package
manager send its the name of a package read from the meta-data, and the
server responds with a few a raiting and a paragraph or two of text
explaining why it got that raiting, e.g:
"Name: MediaPlayer
Raiting 3/5 (Flawed)
Installation behaves fine however when you run MediaPlayer for the first time
it will make itself the default player for all types of media, both on the
desktop and through firefox, however if you undo these changes it will not do
so again."
Anyone could run a server, and if they're good at it users will trust them and
add their url to a sources.list file of trusted servers, much like with Spam
blacklists: anyone can run one and if admins trust them they'll add it to
there filtering, I see no reason a distro can't run a server.
> Yes, eventually. Until the LSB is really complete, though, we'll
> probably have to whitelist a few other really common libraries.
Is that a better solution that just bundeling those with apps for a while?
> I prefer living with the existing distro formats. ISVs can fairly easily
> do the alien'ing or rebuilding on their own, and provide repos in
> the two or three popular distro formats. We need to keep a big squeaky
> bat to hit anybody who comes up with a new format, supporting two
> is plenty hard, I'm not at all happy with Pardus for inventing a new one.
I was under the impression that ISVs had quite vocally said they didn't want
to have to mantain multiple formats, at least that was the main reason I
ruled out asking the ISVs to do it themselves.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.linux-foundation.org/pipermail/packaging/attachments/20081221/bc14d737/attachment.pgp
More information about the packaging
mailing list