On Thu, 2009-11-19 at 12:44 -0500, Brett Smith wrote: > Unfortunately, I think so. I just ran gnome-app-install on a deltaH > box, and through there, I was able to find some of the other software > that's on the blacklist, like Ubufox and blobwars. gnome-app-install > wasn't always able to install those packages, but I think to be on the > safe side we need to make sure they never show up to begin with. And I > think the safest way to do that is to prepare a new app-install-data > package that doesn't include .desktop files for programs that shouldn't > be in an endorsed distribution.
I think I just had an epiphany and can explain this in a lot more detail now. :) gnome-app-install puts its data in a dedicated database in /var/cache. This cache is created by update-app-install. That program cross-references the .desktop files in app-install-data with what's available in the system's package repositories to make the final list of what shows up in gnome-app-install. But note that update-app-install runs relatively rarely. I haven't completely confirmed this, but I suspect that on Debian-based systems, it only runs from app-install-data's postinst script. The end result of this is that if the user installs gNewSense, and then later a package is removed from the gNewSense repositories because it breaks our guidelines, the package will still appear in gnome-app-install, until an update to app-install-data is released, or update-app-install gets invoked some other way. There are lots of possible ways to solve this problem. Right now, I feel like the best solution would be to release a new app-install-data package every time a package gets removed -- that goes as far as possible toward making sure that a user doesn't see software they didn't sign up for in gnome-app-install. But I think there are lots of other alternative solutions that would be fine too if that's too hard for some reason. -- Brett Smith Licensing Compliance Engineer, Free Software Foundation Support the FSF by becoming an Associate Member: http://fsf.org/jf
