[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Handling of removed packages

Hi,

On Thu, 2008-05-29 at 21:37:28 +0200, Franklin PIAT wrote:
> I suggest to modify dpkg so it refuse to install package, unless the
> option "--insecure" is specified. Such option's manpage description
> would be :

That'd be mostly just annoying for no actual benefit. It would break
existing software using 'dpkg -i', and people would end up adding that
option to the config file.

> > dpkg --install --insecure package_file...
> > The option --insecure is now mandatory to install a ".deb" package.
> > 
> > Installing a ".deb" file manually is considered a bad practice (i.e
> > insecure), because the package wouldn't be updated when the maintainer
> > release a security update.

This is not true if the package comes from the repo you've fetched it
from.

> > Instead of downloading and installing a .deb file, you should declare
> > it's apt repository. This is done by adding the package's repository
> > to /etc/apt/sources.list or /etc/apt/sources.list.d/. See
> > sources.list(5).

There's few other ways to upgrade a system than with apt.

> * This option would be an effective solution to educate new users.
> * For the same reason, we should remove gdebi's "Install" button.

I don't think this kind of punishment would educate any users. So I
don't see this being implemented in dpkg, sorry.

regards,
guillem
Reply to: