Marius Vollmer wrote:
The locked-down upgrade path could support more than one set of
trusted sources down to the granularity of repositories. This would
allow other parties than Nokia to make use of this feature. That's
just a smop and might be done.
I think this the best approach. It would also be useful outside
maemo, aka at debian and at ubuntu. So it would be nice
if it can be implement at the lower levels, ie apt/dpkg.
One way of implementing this is:
1) When installing package store the origin (available from the Relese
file of
repository) of the package into package /var/lib/dpkg/status.
2) When upgrading, refuse upgrading that package from other origins. Provide
a --force-override origin for power users.
First is easy to implement, second is hard :)
_______________________________________________
maemo-developers mailing list
[email protected]
https://maemo.org/mailman/listinfo/maemo-developers
