[packagekit] Res: One click install support in PackageKit

Richard Hughes hughsient at gmail.com
Wed Apr 1 02:14:21 PDT 2009


On Wed, 2009-04-01 at 03:30 +0530, Debayan Banerjee wrote:
> 3) Add voting system to Package Manager:
> The word trust has to mean something that the end user understands, as
> opposed to GPG keys. One way of defining trust is by votes. It is my
> proposal that we enable a voting system at the package manager end so
> that every time a repository is added and a package installed for the
> first time users are asked for a "Recommend" vs "Do not recommend"
> vote.

I don't think popularity can be inferred from trust or vice versa. If
you digg a link to the "new" nvidia drivers you'll have thousands of
hits to your repo, instantly making it popular (and in your scheme,
trusted). There's no trust there, as the new nvidia driver could have a
keylogger shipped with the package, which took a few days for someone to
find.

There's always the "bored developer" problem too. A developer picks up a
bit of software, packages it, and puts it in an archive. After a few
months the developer stops re-packaging it, which means if the upstream
repo changes from one version of a library to another, the update only
half completes, and the system library is stuck at a low version until
the package is removed or updated.

Richard.




