[maemo-users] [maemo-users] 'Locking down' software installation

From: James Sparenberg james at linuxrebel.org
Date: Fri Feb 16 04:59:33 EET 2007
On Thursday 15 February 2007 11:38:29 Marius Vollmer wrote:
> "ext Levi Bard" <taktaktaktaktaktaktaktaktaktak at gmail.com> writes:
> > Say you've just released an OS metapackage, maemo 3.1 sturgeon, and
> > then one the guys working on cairo makes a huge breakthrough in
> > speed and stability.  You want users to be able to upgrade, but now
> > you have to release a new OS metapackage to do so, [...]
> Yes, and I actually see this as a feature, since there is no "apt-get
> upgrade" functionality in the Application Manager.  Users would get
> the newer vesion of cairo by accident, when they install or upgrade a
> non-hidden package that depends on cairo.
> Another example are security fixes: they too will require a meta
> package.  I think the additional burdon to maintain this meta package
> is not too high.
> >> The meta package could depend on 'this version or later' [...]
> >
> > I am wholly in favor of this, as may be gathered from my previous
> > paragraph.  And the "trusted repository" scheme means that the device
> > is just as locked down for support purposes.
> Not exactly: we do not only want to control which individual packages
> you can install, but also which combinations.  Say there is a new
> version of cairo, but we figure out that we also need to upgrade the
> internet radio applet since it had a bug that--by chance--wasn't
> triggered by the old version of cairo.  So we want to only support the
> new cairo together with the new radio applet.
> With a version locked meta package, we can make sure that the user
> gets the right combinations of packages.

umm Maybe I'm missing something but since this is debian based .deb's handle 
this quite well.  XXX.deb can require YYY.deb version 2.1 or greater.  You 
are going to not only go nuts building meta packages but also go nuts trying 
to re-invent in a way a wheel you already have.  I can understand the meta 
for going from 2.0 to 2.2 for example (all done one fell swoop) but why 
update everthing just to include a couple of K of changes.   

I tried to install and test a debian armel pkg earlier today but I couldn't 
because a core dependency isn't met on the Nokia.  No sweat, If I had had the 
armel repository in my repositories it would have given me the full chaos of 
the dependency chain then stopped and waited for my approval.  

Be careful when protecting idiots, you usually end up losing the people you 
want to keep and getting stuck with a load of empty heads.


> If you want to try out the new cairo anyway before Nokia releases the
> official meta package that pulls it in, you can do that of course by
> using apt-get or the red-pill mode.
> _______________________________________________
> maemo-users mailing list
> maemo-users at maemo.org
> https://maemo.org/mailman/listinfo/maemo-users

More information about the maemo-users mailing list