Bug#207400: An RPM port of APT

To: Colin Walters <walters@verbum.org>
Cc: 207400@bugs.debian.org, Matt Zimmerman <mdz@debian.org>, Martin Michlmayr - Debian Project Leader <leader@debian.org>, "Alfredo K. Kojima" <kojima@conectiva.com.br>
Subject: Bug#207400: An RPM port of APT
From: Gustavo Niemeyer <niemeyer@conectiva.com>
Date: Thu, 28 Aug 2003 09:56:43 -0300
Message-id: <[🔎] 20030828125642.GA29014@ibook.distro.conectiva>
Reply-to: Gustavo Niemeyer <niemeyer@conectiva.com>, 207400@bugs.debian.org
In-reply-to: <[🔎] 1062047858.14110.68.camel@columbia>
References: <20030815080942.GA27462@regression.cyrius.com> <Pine.LNX.4.55L.0308151102500.3157@freak.distro.conectiva> <20030816134634.GC27519@regression.cyrius.com> <20030817164801.GH1361@alcor.net> <20030818163609.GB21676@ibook.distro.conectiva> <20030822031703.GK23625@alcor.net> <[🔎] 20030826200646.GA14954@ibook.distro.conectiva> <[🔎] 20030827010715.GV20504@alcor.net> <[🔎] 20030827191529.GA21636@ibook.distro.conectiva> <[🔎] 1062047858.14110.68.camel@columbia>

> > I've just read "How it works" in the URL you mentioned. That's exactly
> > how our system works. 
> 
> The high level is the same, but the implementation details are not. 
> Mainly we have a metaIndex object which itself queues the index files
> for download once it's done and verified.  This came out of a lot of
> discussion with Jason.  Also the fingerprint checking is a bit more
> abstracted.  And there's other things too that I don't recall offhand.

I'm surprised for knowing about this just now. I'd like to have made
part of that discussion. Anyway, I hope Matt will be able to extract
whatever he finds interesting from both implementations, and will take
care as hard as possible to avoid breaking legacy usage. I'll merge
it back into apt-rpm once it's there (of course, as far as it doesn't
break our system completely).

> > They have even mentioned to be using a "small
> > part" of our code in the "Authors" section (besides that which was
> > *already* merged in APT, I belive).
> 
> Yeah.  We took your gpg method, and turned it into a gpgv method, since
> using root's keyring doesn't seem like a good idea to me.
> There were other smallish cleanups and fixes associated with this.

We haven't found any problems using root's keyring for that, since
nobody usually takes the root keyring for personal applications, and a
system application like this seems legitimate for that. Anyway, that
could be easily made configurable in the gpg method. That's the kind of
stuff that breaks compatibility between our implementations
unnecessarily. Matt, please check this when merging. I'm able to help
you if necessary.

-- 
Gustavo Niemeyer
http://niemeyer.net

Reply to:

References:
- Bug#207400: An RPM port of APT
  - From: Gustavo Niemeyer <niemeyer@conectiva.com>
- Bug#207400: An RPM port of APT
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#207400: An RPM port of APT
  - From: Gustavo Niemeyer <niemeyer@conectiva.com>
- Bug#207400: An RPM port of APT
  - From: Colin Walters <walters@verbum.org>

Prev by Date: Bug#207400: An RPM port of APT
Next by Date: Bug#207656: completed dutch po file
Previous by thread: Bug#207400: An RPM port of APT
Next by thread: Bug#207400: An RPM port of APT
Index(es):
- Date
- Thread