Re: additional virtual packages for kde

To: Christian Schwarz <schwarz@monet.m.isar.de>
Cc: Debian Policy <debian-policy@lists.debian.org>, Andreas Jellinghaus <aj@dungeon.inka.de>
Subject: Re: additional virtual packages for kde
From: Rob Browning <rlb@cs.utexas.edu>
Date: 29 Nov 1997 10:13:58 -0600
Message-id: <[🔎] 87vhxbhe49.fsf@nevermore.csres.utexas.edu>
In-reply-to: Christian Schwarz's message of "Sat, 29 Nov 1997 11:29:22 +0100 (CET)"
References: <[🔎] Pine.LNX.3.96.971129112630.32747B-100000@monet>

Christian Schwarz <schwarz@monet.m.isar.de> writes:

> I still think that it's not our job to "judge" which packages are fine and
> which are not. What we can probably do, is to set up a web page which
> explains packages from third parties and describes their problems, but
> "hardcoded" a list into dpkg is too much, I think. If the user decides to
> install a package from someone else, he/she should be free to do it. dpkg
> could warn then, if the origin is unknown (i.e., if the PGP signature
> can't be checked) but should actually perform the installation if some
> --force-unknown-origin flag is set.

After further consideration, I agree.  We can't go around second
guessing and monitoring other "Origins".  We should just support the
origin field (and PGP verification), and leave it up to the user to
decide which organizations they trust.

-- 
Rob Browning <rlb@cs.utexas.edu>
PGP fingerprint = E8 0E 0D 04 F5 21 A0 94  53 2B 97 F5 D6 4E 39 30

Reply to:

References:
- Re: additional virtual packages for kde
  - From: Christian Schwarz <schwarz@monet.m.isar.de>

Prev by Date: Re: Changelog files
Next by Date: Re: Bug#15258: acknowledged by developer (cron shouts...)
Previous by thread: Re: additional virtual packages for kde
Next by thread: Re: additional virtual packages for kde
Index(es):
- Date
- Thread