[packagekit] ServicePack: The magic file

David Zeuthen david at fubar.dk
Fri Mar 28 10:02:01 PDT 2008


On Fri, 2008-03-28 at 10:07 +0000, Richard Hughes wrote:
> until the user trusts the media is valid

Btw, as I mentioned on your blog

 http://hughsient.livejournal.com/54131.html?thread=381299#t381299

there's really little point in asking whether the user trusts the media.

In fact, I'd argue it's harmful to even do so. I might be getting the
update media from some shady third party reseller or the media itself
may be a CD-R that one of my buddies handed to me.

E.g. there's a good chance that the media itself doesn't look 100%
authentic. But that's perfectly fine. We don't _care_ about the media,
we care about what's on it: that the packages are signed by a trusted
party.

So I think the whole Service Pack [1] idea simply boils down to the
ability to easily add media with repositories on them.

      David

[1] : I still don't like the name Service Pack. Also keep in mind SUSE
is already using that term for their equivalent of RHEL5.x updates for
their enterprise product. So better avoid it. But that's just my
personal preference.





More information about the PackageKit mailing list