"Download & Install" vs "Repositories & Synaptic" and the need
for a new URI [Was: Re: Going forward [Re: Automatix?]]
Tristan Wibberley
maihem at maihem.org
Sat Apr 1 14:32:22 BST 2006
Chanchao wrote:
> On Fri, 2006-03-31 at 21:43 +0100, Tristan Wibberley wrote:
>
>> I think such a click install thing should be able to just select
>> packages from pre-configured repositories, and should be able to
>> *request* temporary addition of repositories, with the client giving a
>> *big* fat warning for new packages to be installed, and an even
>> *bigger*, *fatter* warning for packages being replaced that were
>> initially installed from a repository with a different signature.
>
> Yes, or not allow it at all. Chances are that whatever the app is, it's
> in the usual repositories. Just a link that points to it from a website
> is enough IMHO. It should not make things less secure.
I was thinking about the problem of Replaces:,Conflicts: directives.
Actually, Conflicts: alone, and Depends: will be a problem since they
could inhibit future security updates from the official sources, so
there needs to be a way to prioritise sources.
--
Tristan Wibberley
More information about the sounder
mailing list