[maemo-developers] Ask for removal of some packages from Extras Fremantle repository
From: Marius Vollmer marius.vollmer at nokia.comDate: Tue Mar 23 09:53:04 EET 2010
- Previous message: Ask for removal of some packages from Extras Fremantle repository
- Next message: Ask for removal of some packages from Extras Fremantle repository
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ext Attila Csipa <maemo at csipa.in.rs> writes: > On Tuesday 23 March 2010 01:00:19 Gary Birkett wrote: >> why doesn't HAM allow somebody to use a later provided version from Beniots >> own repository? >> there would be nothing wrong with leaving everything existing and Beniot >> can get what he wants by still offering users the opportunity to add his >> own repository and gain later updates and we retain the polished solid >> versions available for regular users. > > There was some mention of this previously. Basically, the issue is > authenticity (package hijacking avoidance, whether intentional or not), and/or > generic cross-repository FUBAR avoidance. Imagine what would happen during the > Qt4.5 to Qt4.6 transition if we had external repositories containing apps > referencing Qt. Yes, exactly. I originally put the "package domain" system into HAM as an attempt to reduce the 'repository mess'. Of course, this prevents packages to legitimally move from one domain to another, which is sometimes wanted. The domain system is not secure: any package can modify it, you just have to convince users to install that package. But that modification at least does not happen by accident. Now, we might end up with a "domain mess" when people really start creating their own domains. I hope that that does not happen, but if it does, we should probably improve how HAM determines which domain dominates which other domains, and maybe even involve the user in this. This is my neutral view as a provider of some of the technology. Of course, the maemo.org Extras repository is The One, and I think it is really really bad when people move their packages out of it. As has been said, a good reaction of the maemo.org community would be to just take over maintainership of those packages, and essentially copy them back into maemo.org Extras whenever a new version appears out there. This should not be a lot of work if the package doesn't need significant improvement to pass the QA criteria, and if it does, it can just be left out if nobody wants to do that work. That would be a win for everybody: Benoit can publish his versions in his own repository/domain and doesn't have to bother with the maemo.org processes. Still, his packages end up in maemo.org Extras, and might even be improved in the process.
- Previous message: Ask for removal of some packages from Extras Fremantle repository
- Next message: Ask for removal of some packages from Extras Fremantle repository
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]