On Tue, 22 Jun 2010, FlorianFesti wrote:

On 06/21/2010 10:58 PM, Steve Lawrence wrote:
The main issue we have with this is that rather than being controlled by
RPM, any package can now become a "collection owner" and do whatever it
wants when the collection action is triggered. With that we would have
to deal with the possibility of multiple collection owners and malicious
packages defining their own collection actions and doing bad things. But
I guess they could just do their bad things in %post scripts, so maybe
that point is moot.

Malicious and simply unintentional mistakes in packaging can do a lot of harm anyway, I don't think collections need any special precautions wrt that.


Several packages being able to subscribe to the same collection makes perfect sense IMHO. Think about different caches that need to be updated - maybe for GNOME and KDE and maybe some other desktops.

If the collection would be made more Provides-like - or if we autogenerate appropriate Provides - this could be handled with the standard rpm mechanisms:

Packages could Require someone handling the collection. Handlers could Conflict with others to make sure they are the only ones.

Yup, several packages in a transaction claiming to own a given collection name could be made to conflict automatically I suppose.

Moving the collection ownership to packages opens up quite a can of worms though, things like
- what to do with multilib collection owner packages (eg fontconfig)
- correctly dealing with upgrades and obsoletion wrt installed collection
  owners vs collection owners in a transaction
...etc

        - Panu -
_______________________________________________
Rpm-maint mailing list
http://lists.rpm.org/mailman/listinfo/rpm-maint