Christian Schwarz <[EMAIL PROTECTED]> writes: > I think such a "blacklist" goes too far (cf. the current discussion on > debian-private about "censored" packages). I don't think we should > maintain such a list. > > However, we should probably implement something like the "Origin:" field. > With that, dpkg could keep a list of vendors from which packages have > already been installed on the system. If one tries to install a package > from an unknown vendor (i.e., someone from which no packages have been > installed already), dpkg should issue a warning before performing the > installation.
Origin: is probably a good idea, but may very well be too general for some important applications. What do we do if a particular source has packages contributed by their people that are for the most part fine, but there are one or two that are *really* broken. I know "blacklist" has bad connotations, but in some cases it may be the right thing to do. I suppose we can just wait until this is actually an issue -- we don't really have any pressing reason to worry about it now. -- Rob Browning <[EMAIL PROTECTED]> PGP fingerprint = E8 0E 0D 04 F5 21 A0 94 53 2B 97 F5 D6 4E 39 30

