I'm risking to got broadsided by Johannes despite again, but... Here we have proverb: nothing venture nothing have. I'll try.
On Sun, Jul 16, 2006 at 11:15:44PM +0200, Johannes Winkelmann wrote: > Note that while the syntax definitely looks sane, it introduces a tight > coupling between the location in the ports tree and the package > installation, and would therefore require us to include the repository > information as meta data. I don't see the reason why pkgmk should generate any repo information for the package if package building from sources. prt-get already informed about from which repo it builds the package. > Furthermore, when thinking of binary package management, this is easily > spoofed (i.e. pretending to be a core package); to establish real trust, > something like gnupg signatures might be better, although it would add > quite a bit of additional complexity. For the binary package management, the same story: there are binary package repositories, user can choose to which repository he trusts. If user downloaded single package, then he will not use prt-get, but pkgadd. Pkgadd already have most strict policy: permissions conflicts aborts pkgadd, as for the pre/post-install scripts... pkgadd have no clue about them. > Just my two cents here, > Johannes Same here. -- Anton (irc: bd2) _______________________________________________ crux-devel mailing list [email protected] http://lists.crux.nu/mailman/listinfo/crux-devel
