Brock Pytlik wrote:
Darren J Moffat wrote:
If a security patch is available for a library,
> typing pkg install <lib> shouldn't result in that package being marked
> as intentionally installed. Thus, only the initial install of a
> package will typically set the user_installed value.
How will we know if it is a security patch ?
It was an example. To put it more simply, upgrading any package for any
reason doesn't signify user intent. Does that help make things clearer?
It makes it clearer that security patches aren't special but it makes it
totally confusing to me that an explicit action on a specific package
isn't user intent. If me intentionally typing 'pkg install php' isn't
an indication of my intent to explicitly install php I don't know what is.
Maybe the confusion here is that 'pkg install' is really 'pkg install'
and 'pkg upgrade-to-the-latest-if-already-installed' ? Actually no
maybe about it for me it is confusing and I would rather see a separate
'pkg install' and 'pkg upgrade' That way the user intent would be more
obvious:
a) I explicitly installed package A when it wasn't previously
b) I explicitly upgraded package A when it was already there
I guess you can programatically tell the difference between those two
outcomes just now but with a single 'pkg install' you can't really tell
what the user actually intended: install if not there or upgrade if it
is - in my head those are very different intent but with the same
initial outcome.
--
Darren J Moffat
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
