[maemo-developers] 'Locking down' software installation

From: Riku Voipio riku.voipio at movial.fi
Date: Tue Feb 27 15:37:31 EET 2007
Marius Vollmer wrote:

> The locked-down upgrade path could support more than one set of
> trusted sources down to the granularity of repositories.  This would
> allow other parties than Nokia to make use of this feature.  That's
> just a smop and might be done.
>   
I think this is the best approach. It would also be useful outside
maemo, aka at Debian and at Ubuntu. So it would be nice
if it can be implemented at the lower levels, ie apt/dpkg.

One way of implementing this is:

1) When installing a package, store the origin (available from the
Release file of the repository) of the package in
/var/lib/dpkg/status.

2) When upgrading, refuse upgrading that package from other origins. Provide
a --force-override origin for power users.

First is easy to implement, second is hard :)
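
The two steps proposed above, sketched as an added example that is not part of the original message and is not apt/dpkg code. The `Installed-Origin` status field, the function names and the sample Release contents are assumptions made for illustration; `force_override_origin` stands in for the proposed `--force-override origin` switch.

```python
# Added illustration, not apt/dpkg code. "Installed-Origin" is a hypothetical
# status field; the Release texts below are constructed sample data.

def parse_stanza(text):
    """Parse one RFC 822-style stanza (Release file or status entry)."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:       # continuation line
            fields[key] += "\n" + line.strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            fields[key] = value.strip()
    return fields

def release_origin(release_text):
    """Return the repository's Origin, or None if the field is absent/empty."""
    return parse_stanza(release_text).get("Origin") or None

def record_install(status, package, version, release_text):
    """Step 1: remember which origin a package was installed from."""
    origin = release_origin(release_text)
    if origin is None:
        raise ValueError("Release file has no Origin field")
    status[package] = {"Version": version, "Installed-Origin": origin}

def may_upgrade(status, package, release_text, force_override_origin=False):
    """Step 2: allow an upgrade only from the recorded origin, unless forced."""
    entry = status.get(package)
    if entry is None or "Installed-Origin" not in entry:
        # Policy choice of this sketch: nothing recorded means nothing to pin.
        return True
    if force_override_origin:
        return True
    # A candidate repository without an Origin never matches (fail closed).
    return release_origin(release_text) == entry["Installed-Origin"]

VENDOR_RELEASE = "Origin: ExampleVendor\nLabel: ExampleVendor\nSuite: stable\n"
OTHER_RELEASE = "Origin: ThirdParty\nLabel: extras\nSuite: stable\n"

if __name__ == "__main__":
    status = {}
    record_install(status, "examplepkg", "1.0", VENDOR_RELEASE)
    print(may_upgrade(status, "examplepkg", VENDOR_RELEASE))
    print(may_upgrade(status, "examplepkg", OTHER_RELEASE))
    print(may_upgrade(status, "examplepkg", OTHER_RELEASE,
                      force_override_origin=True))
```

The Origin value is only as trustworthy as the Release file it comes from, so a check like this is meaningful only for repositories whose Release file signature has been verified.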
