Re: debsigs

On Tue, Mar 26, 2002 at 07:46:55PM -0500, Ben Collins wrote:
> > Another comment: how is this/will this be integrated with something
> > like apt-get? Will it be possible to have rules like "package x needs
> > to comply with policy x, package y needs to comply with policy y, all
> > others need to comply with the Debian release policy for woody?"
> No, read the docs. The policy is enforced by the origin and policy files
> (IOW, we decide it, it isn't arbitrarily up to the user). Dpkg has the
> ability to invoke the sig checker (not apt).

My interpretation of the docs + that statement (and I haven't seen any
docs that say checking will be done in dpkg FYI, so I might be wrong) is
that dpkg just gets a boolean value: false: no policy is valid for this
package; or true: at least one policy is valid for the package.

So what will happen if I want to use Debian woody (assume it will
support this for the purpose of discussion) for all packages, but I
want to use the version of mozilla that somebody else (let's say X) has
compiled and put online on their website?

This *is* something which is arbitrary and needs to be decided
by the user.

Just because I trust person X to provide a good copy of mozilla doesn't
mean that I want to suddenly start receiving their compiled copies of,
say libc6 from their website too.

I have a number of ideas how this could be solved, but would be
interested if anybody else has thought about these issues first.

Brian May <bam@debian.org>

