3) As DES pointed out, the package tools must be able
to read the metadata before the files.
Actually, the argument is pretty weak. Being able to extract them
streamable and access the meta-data easily is fine. The remote access
argument is very weak as it doesn't allow e.g. signature checks.
I presume you mean that you have to scan the entire
package to verify the signature before doing installation?
I don't think you do, really. If you can roll back an
installation, then you can verify the signature during
a streaming install; if the signature fails, you roll back.
A good package installer needs to support rollback anyway
to do robust dependency handling.
I know two relatively straightforward ways to structure
the installation process to support rollback. <sigh>
So many ideas, so little time... ;-)
Tim Kientzle
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
