Re: additional virtual packages for kde
Christian Schwarz <schwarz@monet.m.isar.de> writes:
> I think such a "blacklist" goes too far (cf. the current discussion on
> debian-private about "censored" packages). I don't think we should
> maintain such a list.
>
> However, we should probably implement something like the "Origin:" field.
> With that, dpkg could keep a list of vendors from which packages have
> already been installed on the system. If one tries to install a package
> from an unknown vendor (i.e., someone from which no packages have been
> installed already), dpkg should issue a warning before performing the
> installation.
Origin: is probably a good idea, but may very well be too general for
some important applications. What do we do if a particular source has
packages contributed by their people that are for the most part fine,
but there are one or two that are *really* broken. I know "blacklist"
has bad connotations, but in some cases it may be the right thing to
do.
I suppose we can just wait until this is actually an issue -- we don't
really have any pressing reason to worry about it now.
--
Rob Browning <rlb@cs.utexas.edu>
PGP fingerprint = E8 0E 0D 04 F5 21 A0 94 53 2B 97 F5 D6 4E 39 30
Reply to: