An idea.... (Was: debfind.net (was: GNOME-HELIX))

To: debian-devel@lists.debian.org
Subject: An idea.... (Was: debfind.net (was: GNOME-HELIX))
From: Clay Crouch <danno@danno.tzo.com>
Date: Fri, 30 Jun 2000 08:51:18 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.3.96.1000630083154.2007B-100000@danno.tzo.com>
In-reply-to: <[🔎] 20000630103044.A6539@solo>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks,

I am sure that we can all agree that the DEB format has reached
something of a 'critical mass'. People are creating unofficial debs,
and unofficial APT sources....

How far of a leap is it for someone to actually _create_ an unofficial
deb archive, as in a _real_ debfind.net?

If that should happen, how would we maintain QC?

Well.... My idea:

How's about putting lintian functionality in APT itself such that
it _quitely_ checks a deb during/after fetch for policy violations,
and possibly for namespace conflicts. If violations are found, it
warns the user that they might be about to break their system....

Also, we could put enough GPG functionality into APT to check package
signatures. If a package is not signed by a current Debian maintainer,
the user is warned.

If APT finds either policy/namespace violations or non-signed packages,
it prompts the user as to whether or not they _really_ want to install
the package, and if they do, the install continues regardless of any
breakage that may occur.

I am not sure of all of the technical ramifications of such a thing,
and I know that it would slow the apt-get process a bit, but would
something like this be worthwhile?

That way, we can keep 'official' debs that are almost certain to
work corrrectly due to our QC policies, and still allow others to
create their 'unofficial' repositories without causing _us_ any grief.

[ This plus a BTS: field in the control file, as discussed before.... ]

Is this workable, or am I out in Left Field here? ;^)

Cheers!
 ____________________________________________________________________
/ Clay Crouch, Shamless Bum ;^>    | <danno@danno.tzo.com>           \
| Linux Administration/Consulting  | <http://danno.tzo.com/~danno>   |
+----------------------------------+---------------------------------+
| GPG 7D2AD631: 2319 2356 FEDF 4631 63F3   762A E443 1C2A 7D2A D631  |
+--------------------------------------------------------------------+
| I speak only for myself.    Flames quietly consigned to /dev/null. |
+--------------------------------------------------------------------|
|          Debian Linux: The choice of a GNU generation!             |
\____________________________________________________________________/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)

iD8DBQE5XKXo5EMcKn0q1jERAtE3AJ0fA9SeTu2wEO+QHSRxJSQv9D9MhwCfWI5k
bzc4194jWWZnfBvzdzxZyds=
=d9Xl
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: An idea.... (Was: debfind.net (was: GNOME-HELIX))
  - From: "Jaldhar H. Vyas" <jaldhar@debian.org>
- Re: An idea.... (Was: debfind.net (was: GNOME-HELIX))
  - From: Ben Armstrong <synrg@sanctuary.nslug.ns.ca>
- Re: An idea.... (Was: debfind.net (was: GNOME-HELIX))
  - From: Daniel Burrows <Daniel_Burrows@brown.edu>

References:
- Re: debfind.net (was: GNOME-HELIX)
  - From: Raphael Hertzog <rhertzog@hrnet.fr>

Prev by Date: Re: GNOME-HELIX
Next by Date: Re: debfind.net (was: GNOME-HELIX)
Previous by thread: Re: debfind.net (was: GNOME-HELIX)
Next by thread: Re: An idea.... (Was: debfind.net (was: GNOME-HELIX))
Index(es):
- Date
- Thread