I'm risking to got broadsided by Johannes despite again, but... Here we have proverb: nothing venture nothing have. I'll try. On Sun, Jul 16, 2006 at 11:15:44PM +0200, Johannes Winkelmann wrote:
Note that while the syntax definitely looks sane, it introduces a tight coupling between the location in the ports tree and the package installation, and would therefore require us to include the repository information as meta data.
I don't see the reason why pkgmk should generate any repo information for the package if package building from sources. prt-get already informed about from which repo it builds the package.
Furthermore, when thinking of binary package management, this is easily spoofed (i.e. pretending to be a core package); to establish real trust, something like gnupg signatures might be better, although it would add quite a bit of additional complexity.
For the binary package management, the same story: there are binary package repositories, user can choose to which repository he trusts. If user downloaded single package, then he will not use prt-get, but pkgadd. Pkgadd already have most strict policy: permissions conflicts aborts pkgadd, as for the pre/post-install scripts... pkgadd have no clue about them.
Just my two cents here, Johannes
Same here. -- Anton (irc: bd2)