[maemo-developers] Application Manager scripting, second try

From: Marius Vollmer marius.vollmer at nokia.com
Date: Mon Mar 5 11:11:23 EET 2007
"ext Kees Jongenburger" <kees.jongenburger at gmail.com> writes:

> On 2/27/07, Marius Vollmer <marius.vollmer at nokia.com> wrote:
>> "ext Kees Jongenburger" <kees.jongenburger at gmail.com> writes:
>> > What happens if the .install file wants to replace the uri or name
>> > of a catalogue?  Is this considered a security risk?
>>
>> Can you elaborate, with an example maybe?
>>
>> Catalogues are replaced as one unit and the user can review the
>> details of the new dialog when it is added (except in the card_install
>> interaction flow).
>
> I am just worried. Even if people are not "bad", it just takes one
> typo in one install to break the system and replace the
> repository.maemo.org bora extras repository with a non working one

Hmm, I am afraid I still need more details to understand fully what
you have in mind.  Can you give a step-by-step list of what might
happen and what would be bad about it?  For example:

  - User clicks on foo.install on downloads.maemo.org
  - Application Manager adds the maemo Extras repository with
    components "free non-free" and installs the foo package
  - User removes the "free" component from the maemo Extras catalogue
    configuration

  -> Updates for foo will no longer be available

Note that in order for catalogues to be considered 'the same', they
right now have to have the same uri, dist, and component strings.

Maybe we should try to be smarter and merge catalogues with different
components but equal uris and dists somehow, but I don't want to get
too clever.  My idea is that the user either doesn't care about the
"Application Catalogues" dialog at all and is happy with what s/he
gets from .install files, or s/he knows what's going on and is not
confused.
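
The matching rule discussed in this message, modelled as an added example (not part of the original post and not Application Manager code). It compares the strict rule (same uri, dist, and component strings) with the merge-on-uri-and-dist alternative. The `Catalogue` type, the function names, the URI, and the behaviour of `apply_install` (replace on match, otherwise add) are assumptions made for illustration.

```python
from typing import Callable, List, NamedTuple


class Catalogue(NamedTuple):
    uri: str
    dist: str
    components: str  # raw component string, e.g. "free non-free"


def same_strict(a: Catalogue, b: Catalogue) -> bool:
    """Rule stated in the message: uri, dist and component strings all equal."""
    return (a.uri, a.dist, a.components) == (b.uri, b.dist, b.components)


def same_location(a: Catalogue, b: Catalogue) -> bool:
    """Alternative floated in the message: equal uri and dist only."""
    return (a.uri, a.dist) == (b.uri, b.dist)


def merge_components(a: Catalogue, b: Catalogue) -> Catalogue:
    """Hypothetical merge: union of both component lists, order preserved."""
    merged: List[str] = []
    for comp in (a.components + " " + b.components).split():
        if comp not in merged:
            merged.append(comp)
    return Catalogue(a.uri, a.dist, " ".join(merged))


def apply_install(configured: List[Catalogue], incoming: Catalogue,
                  same: Callable[[Catalogue, Catalogue], bool] = same_strict,
                  merge: bool = False) -> List[Catalogue]:
    """Assumed model: a matching catalogue is replaced as one unit
    (or merged when merge=True); a non-matching one is added."""
    result, matched = [], False
    for cat in configured:
        if same(cat, incoming):
            matched = True
            result.append(merge_components(cat, incoming) if merge else incoming)
        else:
            result.append(cat)
    if not matched:
        result.append(incoming)
    return result


# Constructed sample data: the user removed "free" from the catalogue,
# then opens another .install file that names the original components.
URI = "http://repository.example/extras"  # placeholder URI
USER_EDITED = Catalogue(URI, "bora", "non-free")
FROM_INSTALL = Catalogue(URI, "bora", "free non-free")
```

Under the strict rule the edited catalogue and the one from the .install file count as different catalogues and both end up configured; under the uri-and-dist rule with merging, a single entry remains.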
